
TrojanDownloader:Win32/Catinea.B


First posted on 27 November 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Catinea.B is also known as Trojan-GameThief.Win32.WOW.adca (Kaspersky), Trojan horse PSW.Legendmir.NES (AVG), TR/Hijacker.Gen (Avira), Trojan.PWS.Gamania.29001 (Dr.Web), Win32/PSW.Legendmir.NIG (ESET), Trojan-Downloader.Win32.Catinea (Ikarus), Trj/Wow.YO (Panda), TSPY_LEGMIR.SMXD (Trend Micro).

Explanation :

TrojanDownloader:Win32/Catinea.B is a trojan that steals a user's account information from certain online games. It also downloads and executes arbitrary files.

Installation

TrojanDownloader:Win32/Catinea.B may be dropped by other Win32/Catinea components, for example, TrojanDownloader:Win32/Catinea.A. It backs up a copy of <system folder>\lpk.dll or <system folder>\usp10.dll to <system folder>\thumbs.db. It then replaces the chosen file with its own copy.

Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

Payload

Steals online game information

TrojanDownloader:Win32/Catinea.B may steal the account information for a number of different games, including:

  • World of Warcraft
  • QQ Game
  • Legend of Mir

Downloads and executes arbitrary files

TrojanDownloader:Win32/Catinea.B connects to remote hosts to download and execute arbitrary files on the computer. In the wild, TrojanDownloader:Win32/Catinea.B has been observed to contact the following domain for this purpose:

  • mail.lx360.cn
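A defender-side check for the installation behaviour described above, as an added example that is not part of the original write-up: a genuine Thumbs.db thumbnail cache is an OLE compound file, so a thumbs.db in the system folder that parses as a PE image matches the DLL backup step. The function names, the constructed PE header and the temporary demo folder are assumptions of this example.

```python
import os
import struct
import tempfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of a real Thumbs.db (OLE compound file)
TARGET_DLLS = ("lpk.dll", "usp10.dll")          # files the write-up says may be replaced


def file_kind(path):
    """Return 'absent', 'pe', 'ole' or 'other' based on the file's header."""
    if not os.path.isfile(path):
        return "absent"
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if head.startswith(OLE_MAGIC):
            return "ole"
        if len(head) == 0x40 and head[:2] == b"MZ":
            # e_lfanew at offset 0x3C points to the 'PE\0\0' signature
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            if fh.read(4) == b"PE\0\0":
                return "pe"
    return "other"


def triage(system_folder):
    """Flag a system folder whose thumbs.db is really a PE image."""
    kind = file_kind(os.path.join(system_folder, "thumbs.db"))
    present = [d for d in TARGET_DLLS
               if os.path.isfile(os.path.join(system_folder, d))]
    return {
        "thumbs_db": kind,
        "suspicious": kind == "pe",
        # DLLs to compare against a known-good copy when the backup looks like a PE
        "dlls_to_verify": present if kind == "pe" else [],
    }


def fake_pe():
    """Constructed minimal MZ/PE header, used only as demo input."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # constructed stand-in for <system folder>
        for name in ("thumbs.db", "lpk.dll"):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(fake_pe())
        print(triage(d))
```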


Analysis by Chun Feng

Last update 27 November 2010