
PWS:Win32/Lolyda.W


First posted on 16 March 2009.
Source: SecurityHome

Aliases :

PWS:Win32/Lolyda.W is also known as Win32/Lolyda!generic (CA), Generic.Malware.PWS.06FAA939 (BitDefender), Trojan.Win32.SmallGame.bf (Kaspersky), Infostealer.Onlinegame (Symantec), PWS-OnlineGames.dg (McAfee).

Explanation :

PWS:Win32/Lolyda.W is a DLL file that steals user information about certain online games.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Win32/Lolyda.W arrives in the system with a random file name, for example, "de69ea25.dll". It checks if the process it is loaded into is either of the following:

  • xy2_ex.exe
  • xy2.exe

If the loading process is verified to be of a certain type, Win32/Lolyda.W searches the process for private information about the user, such as account information and user password. The gathered information is then used to construct a URL query in the following format:

    account=%s&password1=%s&password2=%s

This query is then sent to the server "dh2.ac5566.cn".

Analysis by Huzefa Mogri

Last update 16 March 2009
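
The query format and server name described above can be turned into a check over web proxy logs. The following is an added example, not part of the original analysis; the log layout ("timestamp client method url"), the function names and the sample lines are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators as given in the write-up above.
C2_HOST = "dh2.ac5566.cn"
EXFIL_KEYS = {"account", "password1", "password2"}

def classify_url(url):
    """Return (host, reasons) for one requested URL."""
    if "://" not in url.split("?", 1)[0]:
        url = "http://" + url  # CONNECT-style "host:port" entries
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    keys = set(parse_qs(parts.query, keep_blank_values=True))
    reasons = []
    if host == C2_HOST:
        reasons.append("c2-host")
    # All three parameters present: matches the query format even if the
    # server name changes. Lower confidence on its own, so review these hits.
    if EXFIL_KEYS <= keys:
        reasons.append("query-format")
    return host, reasons

def scan_proxy_log(lines):
    """Scan 'timestamp client method url' lines (assumed layout).

    Hits carry no query string, so captured credentials are not copied
    into alerts or tickets.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line
        ts, client, _method, url = fields[:4]
        host, reasons = classify_url(url)
        if reasons:
            hits.append({"time": ts, "client": client, "host": host, "reasons": reasons})
    return hits

# Constructed sample log lines; paths, clients and values are made up.
SAMPLE_LOG = [
    "2009-03-16T10:00:01Z 10.0.0.5 GET http://example.com/index.html",
    "2009-03-16T10:00:07Z 10.0.0.9 GET http://dh2.ac5566.cn/p?account=u1&password1=aaa&password2=bbb",
    "2009-03-16T10:02:11Z 10.0.0.9 GET http://example.net/p?account=u1&password1=aaa&password2=",
    "2009-03-16T10:03:30Z 10.0.0.7 CONNECT DH2.AC5566.CN.:80",
    "2009-03-16T10:04:00Z 10.0.0.5 GET http://example.com/login?account=u2",
    "truncated line",
]
```

A client that appears in the hits is a candidate for a scan, and any game account used on it should be treated as exposed.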