Trojan.PWS.OnlineGames.ZAY
First posted on 21 November 2011.
Source: BitDefender
Aliases:
There are no other names known for Trojan.PWS.OnlineGames.ZAY.
Explanation:
This trojan is designed to steal passwords from online games. When it is executed, it drops a .dll file in the %SYSTEM% directory; that .dll file does all of the actual work.
After the next system restart, the .dll is injected into every running process. If a process is not one the trojan targets, the trojan simply unloads itself from that process.
Next, the malware takes several steps to break the application's protection and then sends the stolen data to a web server in China. While communicating with the server, it sets the User-Agent to "Inet".
The malware communicates with the server using the GET method; the link looks something like:
http://sy62[removed]22.org/chuanshi/push.asp?b=..&k=..
Last update 21 November 2011
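
The two network indicators described above (the exact "Inet" User-Agent and the GET request to /chuanshi/push.asp carrying b and k parameters) can be checked against web proxy logs. The following is an added example, not part of the original write-up; the log layout, host names and client addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the description above.
BEACON_UA = "Inet"
BEACON_PATH = "/chuanshi/push.asp"
BEACON_PARAMS = {"b", "k"}

# Assumed log layout: combined log format with the absolute URL, as a forward proxy writes it.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (client, host, confidence) for a matching line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m["url"])
    params = parse_qs(url.query, keep_blank_values=True)
    ua_hit = m["ua"] == BEACON_UA  # exact match on the whole header value, not a substring
    url_hit = (
        m["method"] == "GET"
        and url.path.lower() == BEACON_PATH  # case-insensitive compare is an assumption
        and BEACON_PARAMS.issubset(params)
    )
    if ua_hit and url_hit:
        return m["client"], url.hostname, "high"
    if ua_hit or url_hit:
        return m["client"], url.hostname, "low"
    return None

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines; hosts and addresses are placeholders.
SAMPLE_LOG = [
    '10.0.0.15 - - [21/Nov/2011:10:02:11 +0000] "GET http://c2.example/chuanshi/push.asp?b=1&k=2 HTTP/1.1" 200 12 "-" "Inet"',
    '10.0.0.22 - - [21/Nov/2011:10:02:14 +0000] "GET http://news.example/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.31 - - [21/Nov/2011:10:03:40 +0000] "GET http://update.example/check?v=3 HTTP/1.1" 200 48 "-" "Inet"',
    '10.0.0.15 - - [21/Nov/2011:10:04:02 +0000] "POST http://c2.example/chuanshi/push.asp?b=1&k=2 HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, host, confidence in scan(SAMPLE_LOG):
        print(f"{confidence:4} {client} -> {host}")
```

A "high" result means both indicators matched on the same request; a "low" result means only one did and needs corroboration from the host before it is treated as an infection.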