PWS:Win32/Verweli.A
First posted on 11 June 2010.
Source: SecurityHome
Aliases :
PWS:Win32/Verweli.A is also known as Trojan-Banker.Win32.Agent.asq (Kaspersky), TrojanSpy.Mafod.BSL (VirusBuster), Trojan horse PSW.Banker5.AYZC (AVG), Win32/Spy.Banker.RPT (ESET), Trj/Banker.MEK (Panda), Mal/Banker-U (Sophos), TROJ_BANKER.MLB (Trend Micro).
Explanation :
PWS:Win32/Verweli.A is a password-stealing trojan that targets accounts on certain Web sites.
Installation

PWS:Win32/Verweli.A may be present in the computer as the following file:

<system folder>\NetLogom.exe

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

It may create the following files in the same folder in which it is running:

files00.gmc
files00.gm_
files00.gpc
acpi.vxd

Payload

Steals user names and passwords

PWS:Win32/Verweli.A attempts to intercept HTTPS traffic and steal user credentials when a user accesses the following sites:

live.com
uol.com.br

Downloads and installs other files

PWS:Win32/Verweli.A may download and install other files from certain Web sites.
Analysis by Marian Radu
Last update 11 June 2010
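A triage sweep for the file names listed under Installation, as an added example that is not part of the original write-up or any vendor tool. It groups hits by folder because the description says the companion files are created beside the running executable; the `scan` and `confidence` helpers and the high/medium/low rule are assumptions made for illustration.

```python
import os
import tempfile

# File names taken from the Installation section of the write-up.
# Compared in lower case because Windows file names are case-insensitive.
DROPPER = "netlogom.exe"
COMPANIONS = {"files00.gmc", "files00.gm_", "files00.gpc", "acpi.vxd"}


def scan(root):
    """Walk root and return {folder: hit} for every folder holding a listed name."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        hit = {
            "dropper": DROPPER in names,
            "companions": sorted(names & COMPANIONS),
        }
        if hit["dropper"] or hit["companions"]:
            findings[folder] = hit
    return findings


def confidence(hit):
    """Assumed triage rule (not from the write-up): co-location raises confidence."""
    if hit["dropper"] and hit["companions"]:
        return "high"    # executable plus its data files in one folder
    if hit["dropper"]:
        return "medium"  # executable name alone
    return "low"         # companion name alone; confirm by other means


if __name__ == "__main__":
    # Constructed sample tree so the sweep runs offline; on a real host,
    # pass the system folder (for example C:\Windows\System32) to scan().
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "System32")
        os.makedirs(sysdir)
        for name in ("NetLogom.exe", "files00.gmc", "notepad.exe"):
            open(os.path.join(sysdir, name), "w").close()
        for folder, hit in scan(root).items():
            print(confidence(hit), folder, hit)
```

A file-name match is only a lead: confirm any hit with an up-to-date scanner before acting on it.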