Win32/Fynloski
First posted on 13 June 2014.
Source: Microsoft
Aliases:
There are no other names known for Win32/Fynloski.
Explanation:
Threat behavior
This family of backdoor trojans uses a remote administration tool (RAT) called "Dark Comet" to perform various functions on your PC without your knowledge.
Installation
Variants of the family can be installed in a number of ways, including through the use of legitimate installers or from other malware tools.
The file names used by the malware vary widely between installations of the threat, but generally they appear as spoofs of system, legitimate, or generic file names. They may also use names used by the RAT Dark Comet, such as:
- dcmodule.exe
- darkcomet rat.exe
The malware modifies the registry so that it runs each time you start your PC. The subkey and value it uses vary widely between variants.
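As an added example (not part of the original write-up), the following Python sketch checks autorun entries for the two Dark Comet file names listed above, including the one that contains a space. It assumes the input is text saved from `reg query` against the standard `Run` keys; the page does not say which subkey a given variant uses, and the sample data is constructed.

```python
import ntpath
import re

# File names the page lists as used by the Dark Comet RAT.
KNOWN_NAMES = {"dcmodule.exe", "darkcomet rat.exe"}

# One value line of `reg query` output: name, type, data, separated by 4 spaces.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

def executable_of(command):
    """Return the program path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe"
    # instead of splitting on whitespace.
    match = re.search(r"\.exe\b", command, re.IGNORECASE)
    return command[:match.end()] if match else command.split(" ", 1)[0]

def find_suspect_autoruns(reg_query_output):
    """Return (key, value name, command) for entries launching a listed name."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        base = ntpath.basename(executable_of(m["data"])).lower()
        if base in KNOWN_NAMES:
            hits.append((key, m["name"], m["data"]))
    return hits

# Constructed sample of `reg query` output (not taken from a real system).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\DarkComet RAT.exe
    MicroUpdate    REG_SZ    "C:\Users\alice\Documents\tools\dcmodule.exe" -s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""
```

Because the family usually spoofs system, legitimate, or generic file names, a match here is a strong lead but a clean result does not rule out infection.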
The threats in this family can do any of the following:
- Capture video from your webcam
- Control the clipboard
- Control the mouse, including what it clicks on
- Display a message box
- Download and run files
- Get information about your PC
- Hide your PC's default screens and windows
- Open and close the CD-ROM drive
- Record sound produced by the PC
- Record keystrokes
- Set a custom background
- Steal passwords from known applications, including web browsers and MSN
- Steal text from the clipboard
- Type text on the screen
- Receive other remote commands from an attacker
The threat sends data it steals back to the remote malicious hacker, who can also take control of your PC.
Analysis by Daniel Chipiristeanu
Symptoms
Alerts from your security software may be the only symptom.
Last update 13 June 2014