
PWS:Win32/Reveton.B


First posted on 23 May 2013.
Source: Microsoft

Aliases:

PWS:Win32/Reveton.B is also known as Gen:Variant.Graftor.Elzob.644 (BitDefender), Mal/Banc-B (Sophos), TR/Spy.Gen2 (Avira).

Explanation:

Installation

PWS:Win32/Reveton.B is not installed on its own; it is loaded into memory on the fly by the Trojan:Win32/Reveton family.

If your security software detects a Trojan:Win32/Reveton infection, assume that PWS:Win32/Reveton.B may have run on the same system as well, even if no separate file for it is found.

Payload

Steals passwords

PWS:Win32/Reveton.B can steal passwords saved by file downloaders, remote control applications, and FTP, poker, instant messaging and e-mail clients. It can also steal passwords stored by web browsers and in Windows Protected Storage.

The stolen information is then sent to a remote attacker using a custom protocol.

This trojan may steal passwords for the following FTP clients:

  • BitKinex
  • Bullet
  • ClassicFTP
  • CoffeeCup
  • Commander
  • CoreFTP4
  • CuteFTP
  • DOpus
  • ExpanDrive
  • FAR
  • FFFTP
  • FileZilla
  • FlashFXP
  • Fling
  • FreeFTP
  • Frigate3
  • FTP
  • FTPCommander
  • FTPControl
  • FTPExplorer
  • FTPRush
  • FTPUploader
  • LeapFTPh
  • NetDrive
  • Proof
  • SecureFX
  • SmartFTP
  • SoftX
  • Total
  • TurboFTP
  • UltraFXP
  • UltraFXP_Base
  • WebDrive
  • WebSitePublisher
  • WinSCP
  • WS_FTP


It may steal passwords for the following instant messaging programs:

  • AIM
  • AIMPRO
  • Astra
  • Digsby
  • Excite
  • Faim
  • Gaim
  • Gizmo
  • GTalk
  • ICQ2003
  • ICQ99b
  • IM2
  • JAJC
  • LiveMessenger
  • Miranda
  • MSN
  • MySpace
  • Odigo
  • PalTalk
  • Pandion
  • Pidgin
  • PSI
  • QIP
  • QIPOnline
  • RQ
  • Trillian
  • Yahoo


PWS:Win32/Reveton.B may steal passwords for the following file downloaders:

  • DMaster
  • FlashGet
  • GetRight
  • Internet Download Accelerator (IDA)


It may steal passwords for the following poker clients:

  • 888Poker
  • AbsoluteCommon
  • AbsolutePoker
  • CakePoker
  • FullTiltPoker
  • PartyPoker
  • Poker
  • PokerStars
  • TitanPoker
  • UBPokerlOM


It may steal passwords from the following internet browsers:

  • Chrome
  • Firefox
  • Flock
  • IE
  • Mozilla
  • Opera
  • Safari
  • SeaMonkey


PWS:Win32/Reveton.B may steal passwords for the following email clients:

  • Becky
  • Email
  • Eudora
  • ForteAgent
  • Gmail
  • GroupMailFree
  • IncrediMail
  • MailCommander
  • MRAt
  • Outlook
  • PocoMail
  • POPPeeper
  • Scribe
  • The_Bat
  • Thunderbird
  • VypressAuvis
  • Windows_Mail_Base
  • Windows_Mail_Live
  • Windows_Mail_Vista


It may steal passwords for the following remote control programs:

  • CiscoVPN
  • PCRemoteControl
  • RDP
  • WinVNC


The trojan may steal passwords from the following Windows services:

  • Passport.Net / WindowsLive credentials
  • Protected Storage
  • Remote Access Service (RAS)
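
As an added triage example (not part of Microsoft's write-up and not the malware's own code), the Python below does two things a responder needs once Trojan:Win32/Reveton has been found on a host: it lists which of the targeted on-disk credential stores exist under the user's %APPDATA% and %LOCALAPPDATA%, so their contents can be treated as exposed and rotated, and it parses FileZilla's sitemanager.xml to show that the passwords saved there come back as-is (clear text in older 3.x releases, base64 in later ones, neither of which is encryption). The store locations in STORE_LOCATIONS, the sample sitemanager.xml and the profile directory built by demo_inventory are the author's assumptions and constructed data; registry-backed stores (WinSCP, CoreFTP, Outlook profiles, Protected Storage, RAS) are out of scope for this script.

```python
"""Triage helper for a host where a Reveton-style credential stealer ran.

Added example; not Microsoft's text and not the malware's code.  The store
locations below are the author's assumptions: check them against the
installed client version.  Registry-backed stores are not covered.
"""
import base64
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# On-disk credential stores of clients named in the write-up, relative to the
# user's %APPDATA% or %LOCALAPPDATA%.  Globs cover per-profile directories.
STORE_LOCATIONS = {
    "FileZilla":   ("APPDATA", ["FileZilla/sitemanager.xml",
                                "FileZilla/recentservers.xml"]),
    "WS_FTP":      ("APPDATA", ["Ipswitch/WS_FTP/Sites/ws_ftp.ini"]),
    "Pidgin":      ("APPDATA", [".purple/accounts.xml"]),
    "Trillian":    ("APPDATA", ["Trillian/users/global/accounts.ini"]),
    "Firefox":     ("APPDATA", ["Mozilla/Firefox/Profiles/*/logins.json"]),
    "Thunderbird": ("APPDATA", ["Thunderbird/Profiles/*/logins.json"]),
    "Chrome":      ("LOCALAPPDATA", ["Google/Chrome/User Data/*/Login Data"]),
}


def find_credential_stores(appdata, localappdata):
    """Return {client: [paths]} for each targeted store present on disk.

    Anything listed was readable by the stealer, so every credential inside
    is compromised no matter how the client encodes it.
    """
    roots = {"APPDATA": Path(appdata), "LOCALAPPDATA": Path(localappdata)}
    found = {}
    for client, (root_name, patterns) in STORE_LOCATIONS.items():
        hits = sorted(str(p) for pat in patterns
                      for p in roots[root_name].glob(pat) if p.is_file())
        if hits:
            found[client] = hits
    return found


def parse_filezilla_sitemanager(xml_text):
    """Recover saved logins from sitemanager.xml / recentservers.xml.

    Older FileZilla 3 releases wrote <Pass> in clear text; later ones wrap it
    in base64 (encoding="base64").  Entries nested in <Folder> are included.
    """
    creds = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pass_el = server.find("Pass")
        if pass_el is None or not pass_el.text:
            continue  # anonymous or ask-on-connect entry: nothing stored
        password = pass_el.text
        if pass_el.get("encoding") == "base64":
            password = base64.b64decode(password).decode("utf-8")
        creds.append({
            "name": (server.findtext("Name") or "").strip(),
            "host": server.findtext("Host") or "",
            "port": int(server.findtext("Port") or 21),
            "user": server.findtext("User") or "",
            "password": password,
        })
    return creds


def rotation_list(creds):
    """Accounts to rotate, as user@host:port, without echoing the secrets."""
    return sorted({f"{c['user']}@{c['host']}:{c['port']}" for c in creds if c["user"]})


# Constructed sample: a clear-text entry, a base64 entry inside a folder, and
# an anonymous entry with no stored password.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.7.3" platform="windows">
  <Servers>
    <Server><Host>ftp.example.test</Host><Port>21</Port>
      <User>webmaster</User><Pass>hunter2</Pass><Name>plain entry</Name></Server>
    <Folder expanded="1">Clients
      <Server><Host>sftp.example.test</Host><Port>22</Port><User>deploy</User>
        <Pass encoding="base64">UEBzc3cwcmQh</Pass><Name>base64 entry</Name></Server>
    </Folder>
    <Server><Host>anon.example.test</Host><Port>21</Port>
      <User>anonymous</User><Logontype>0</Logontype><Name>anonymous</Name></Server>
  </Servers>
</FileZilla3>
"""


def demo_inventory():
    """Build a throwaway profile holding two of the stores and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        appdata, localappdata = os.path.join(tmp, "Roaming"), os.path.join(tmp, "Local")
        fz = Path(appdata, "FileZilla")
        fz.mkdir(parents=True)
        (fz / "sitemanager.xml").write_text(SAMPLE_SITEMANAGER)
        ff = Path(appdata, "Mozilla", "Firefox", "Profiles", "k3x9q2ab.default")
        ff.mkdir(parents=True)
        (ff / "logins.json").write_text("{}")
        os.makedirs(localappdata)
        return find_credential_stores(appdata, localappdata)


if __name__ == "__main__":
    for client, paths in demo_inventory().items():
        print(f"{client}: {', '.join(paths)}")
    print("rotate:", rotation_list(parse_filezilla_sitemanager(SAMPLE_SITEMANAGER)))
```

On a real host, call find_credential_stores(os.environ["APPDATA"], os.environ["LOCALAPPDATA"]) instead of demo_inventory; the report deliberately lists only user@host:port so that the rotation ticket does not itself become a second copy of the secrets.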

Last update 23 May 2013