Trojan:Win32/Fgrabber.A
First posted on 20 November 2010.
Source: SecurityHome
Aliases :
Trojan:Win32/Fgrabber.A is also known as Trojan.AVKill.2 (Dr.Web).
Explanation :
Trojan:Win32/Fgrabber.A is a trojan that runs other installed malware to post spam messages to user profile pages on the social networking site Facebook.com.
Installation

This trojan may be distributed and embedded within a file named "photo.exe". When run, it creates the following files:

%TEMP%\fb_spam.exe - Trojan:Win32/Fgrabber.exe
%TEMP%\result.exe - Trojan:Win32/Fbspammer.A
%TEMP%\pics.JPG - clean image file

The trojan component "result.exe" is then executed.

Payload

Communicates with a remote server

This trojan communicates with a remote server to retrieve other instructions.

Posts spam messages

The trojan attempts to log into Facebook.com using stored credentials from the affected user. Once logged in, the trojan attempts to post spam messages to other "friend" pages of the affected logged in user. The spam messages may contain a hyperlink that points to a copy of the trojan stored on a remote server.
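
A triage check for the dropped files listed under Installation, added here as an example and not taken from the original analysis. The function names and the three verdict tiers are assumptions of this example; only the file names come from the description above.

```python
import hashlib
import tempfile
from pathlib import Path

# Names the description above lists as dropped into %TEMP%, lower-cased
# because Windows file names are case-insensitive.
DROPPED = {
    "fb_spam.exe": "Trojan:Win32/Fgrabber.exe",
    "result.exe": "Trojan:Win32/Fbspammer.A",
    "pics.jpg": "clean image file",
}
EXECUTABLES = {"fb_spam.exe", "result.exe"}


def sha256_of(path):
    """Hash a file in chunks so it can be looked up or submitted for analysis."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_temp(temp_dir):
    """Return (verdict, hits) for the top level of temp_dir (no recursion)."""
    hits = {}
    for entry in Path(temp_dir).iterdir():
        name = entry.name.lower()
        if name in DROPPED and entry.is_file():
            hits[name] = {"path": str(entry), "label": DROPPED[name],
                          "sha256": sha256_of(entry)}
    # Verdict tiers are an assumption of this example: the names are generic,
    # so only the full set together is treated as a match.
    if set(hits) == set(DROPPED):
        verdict = "match"
    elif EXECUTABLES & set(hits):
        verdict = "suspect"
    else:
        verdict = "clean"
    return verdict, hits


if __name__ == "__main__":
    verdict, hits = scan_temp(tempfile.gettempdir())
    print(verdict)
    for info in hits.values():
        print(info["path"], info["label"], info["sha256"])
```

Run it as the affected user so that the temporary directory resolves to that user's %TEMP%.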
Analysis by Dan Kurc
Last update 20 November 2010