
PWS:Win32/VB.DD


First posted on 18 May 2010.
Source: SecurityHome

Aliases :

PWS:Win32/VB.DD is also known as W32/VB-Backdoor-ESVR-based!Maximus (Authentium &, Trojan-PSW.Win32.Dybalom.aqj (Kaspersky), PSW.VB.AZA (AVG), Win32/PSW.VB.NFA (ESET), Trojan-Spy.Win32.Yazoka (Ikarus).

Explanation :

PWS:Win32/VB.DD is a trojan that attempts to steal system information and passwords from known applications.

Installation

It may arrive in the system as a dropped component of other malware.

Payload

Steal system information

PWS:Win32/VB.DD may steal system information such as user names and passwords from the following programs:

- Chrome
- FileZilla
- Firefox
- No IP

The stolen information is saved in the following location:

%windir%\<>.txt

The stolen data may be sent to a remote attacker via FTP.

PWS:Win32/VB.DD also checks whether it is being run in a virtual machine environment or in a sandbox by checking for the following process names:

- SandboxieDcomLaunch.exe
- SandboxieRpcSs.exe
- VMwareService.exe
- VMwareTray.exe
- VMwareUser.exe

Analysis by Elda Dimakiling
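
The staging-then-FTP behaviour described above can be hunted for in endpoint telemetry. The following Python is an added example, not part of the original analysis: it flags a process that creates a .txt file directly under %windir% and then connects out on TCP port 21. The event layout (simplified Sysmon-style records), the C:\Windows path, the 10-minute window and all sample events are assumptions constructed for illustration.

```python
import ntpath
from datetime import datetime, timedelta

WINDIR = r"C:\Windows"          # assumed expansion of %windir%
WINDOW = timedelta(minutes=10)  # assumed gap allowed between drop and upload
FTP_PORT = 21

def ev(eid, time, pid, image, **extra):
    return {"id": eid, "time": time, "pid": pid, "image": image, **extra}

# Constructed events in a simplified Sysmon-like shape
# (11 = FileCreate, 3 = NetworkConnect); not real telemetry.
SAMPLE_EVENTS = [
    ev(11, "2010-05-18T10:00:05", 1200, r"C:\Temp\svc.exe", target=r"C:\Windows\data01.txt"),
    ev(3, "2010-05-18T10:01:30", 1200, r"C:\Temp\svc.exe", dest_ip="203.0.113.10", dest_port=21),
    # Ordinary FTP client, nothing written to %windir%: must not match.
    ev(3, "2010-05-18T10:02:00", 2300, r"C:\Apps\filezilla.exe", dest_ip="203.0.113.20", dest_port=21),
    # .txt written to a subfolder of %windir%, not its root: must not match.
    ev(11, "2010-05-18T10:03:00", 3400, r"C:\Temp\setup.exe", target=r"C:\Windows\Logs\setup.txt"),
    ev(3, "2010-05-18T10:04:00", 3400, r"C:\Temp\setup.exe", dest_ip="203.0.113.30", dest_port=21),
    # File write and FTP connection too far apart: must not match.
    ev(11, "2010-05-18T08:00:00", 4500, r"C:\Temp\tool.exe", target=r"C:\Windows\notes.txt"),
    ev(3, "2010-05-18T10:30:00", 4500, r"C:\Temp\tool.exe", dest_ip="203.0.113.40", dest_port=21),
]

def writes_txt_in_windir(event):
    """True when the created file is a .txt sitting directly in %windir%."""
    folder, name = ntpath.split(event["target"])
    return folder.lower() == WINDIR.lower() and name.lower().endswith(".txt")

def find_staging_then_ftp(events):
    """Return one hit per %windir%\\*.txt drop followed by FTP from the same process."""
    drops, hits = {}, []
    for event in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(event["time"])
        key = (event["pid"], event["image"].lower())
        if event["id"] == 11 and writes_txt_in_windir(event):
            drops.setdefault(key, []).append((when, event["target"]))
        elif event["id"] == 3 and event["dest_port"] == FTP_PORT:
            for dropped_at, path in drops.get(key, []):
                if when - dropped_at <= WINDOW:
                    hits.append({"pid": event["pid"], "image": event["image"],
                                 "file": path, "dest_ip": event["dest_ip"]})
    return hits

if __name__ == "__main__":
    for hit in find_staging_then_ftp(SAMPLE_EVENTS):
        print(hit)
```
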

Last update 18 May 2010
