
Trojan-Spy:W32/Ambler.C


First posted on 19 December 2008.
Source: SecurityHome

Aliases :

There are no other names known for Trojan-Spy:W32/Ambler.C.

Explanation :

This type of trojan secretly installs spy programs and/or keylogger programs.

This malware secretly captures a user's credentials for Internet banking webpages; the stolen information is then forwarded to a remote server.

Installation
The trojan uses the following file names to register itself as an Internet Explorer plugin:

  • svchstb.dll
  • smbmngr.dll

Execution
The captured credentials are first encrypted and stored in:

  • %windir%\system32\alog.txt

Periodically, the information in the file is forwarded (using the HTTP POST command) to the following remote servers:

  • http://vcounter.cn/stat2/[...].php
  • http://vcounter.cn/stat2/[...].php
  • http://vcounter.cn/stat2/[...].php
  • http://vcounter.cn/stat2/[...].php
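
The periodic upload described above can be looked for in web proxy logs. The following Python code is an added example, not part of the original write-up: the log line format, the client addresses and the .php file names are constructed for illustration, because the page elides the real script names.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Indicators taken from the write-up: HTTP POST to vcounter.cn/stat2/<name>.php
C2_HOST = "vcounter.cn"
C2_PATH = re.compile(r"^/stat2/[^/]+\.php$", re.IGNORECASE)

# Constructed sample lines, assumed format: "<ISO time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2008-12-19T09:00:02 10.0.0.15 GET http://www.example.com/index.html 200
2008-12-19T09:05:10 10.0.0.15 POST http://vcounter.cn/stat2/a.php 200
2008-12-19T09:07:44 10.0.0.22 GET http://vcounter.cn/stat2/a.php 200
2008-12-19T09:35:11 10.0.0.15 POST http://VCOUNTER.CN:80/stat2/b.php?id=1 200
2008-12-19T09:40:00 10.0.0.31 POST http://vcounter.cn.example.org/stat2/a.php 200
2008-12-19T10:05:09 10.0.0.15 POST http://vcounter.cn/stat2/a.php 200
malformed line
""".splitlines()

def is_ambler_post(method, url):
    """True for a POST whose host and path match the indicators above."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")  # ignores case and port
    return (method.upper() == "POST" and host == C2_HOST
            and bool(C2_PATH.match(parts.path)))

def find_suspect_clients(lines):
    """Map client address -> sorted timestamps of matching POSTs."""
    hits = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        when, client, method, url, _status = fields
        if is_ambler_post(method, url):
            hits[client].append(datetime.fromisoformat(when))
    return {client: sorted(times) for client, times in hits.items()}

def repeat_intervals(timestamps):
    """Seconds between consecutive hits; regular gaps fit a periodic upload."""
    return [int((b - a).total_seconds()) for a, b in zip(timestamps, timestamps[1:])]

if __name__ == "__main__":
    for client, times in find_suspect_clients(SAMPLE_LOG).items():
        print(client, len(times), "POSTs, gaps (s):", repeat_intervals(times))
```

A client flagged here is a candidate for a host check for svchstb.dll, smbmngr.dll and %windir%\system32\alog.txt.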

Last update 19 December 2008

 
