
PWS:Win32/Dozmot.D


First posted on 17 September 2010.
Source: SecurityHome

Aliases :

PWS:Win32/Dozmot.D is also known as W32/OnlineGames.CL.gen!Eldorado (Authentium), Trojan-GameThief.Win32.OnLineGames.bnkb (Kaspersky), W32/Magania.GZ (Norman), Trojan.PWS.Magania.ALGW (VirusBuster), Trojan horse PSW.OnlineGames3.ATCA (AVG), TR/PSW.OnlineGames.bnkb.71 (Avira), Trojan.Generic.4628555 (BitDefender), Win32/Onlinegames!generic (CA), Trojan.PWS.Gamania.27856 (Dr.Web), Win32/PSW.WOW.NQS (ESET), Trojan-GameThief.Win32.WOW (Ikarus), PWS-Mmorpg!px (McAfee), Trj/Lineage.LNC (Panda), Trojan.Win32.FakeKsUsr.a (Rising AV), Trojan.Win32.Generic!BT (Sunbelt Software).

Explanation :

PWS:Win32/Dozmot.D is a password stealer for various online games, for example, "Perfect World". It collects information on the user's account and password, and sends the data to a remote server.

PWS:Win32/Dozmot.D is a password stealer for the online game "Perfect World". It collects information on the user's account and password, and sends the data to a remote server.

Installation

PWS:Win32/Dozmot.D is dropped and installed by other malware components.

Payload

Steals online game information

By modifying the game process memory, PWS:Win32/Dozmot.D attempts to steal the following information from currently-running online game processes:

  • User name
  • Password
  • Server address
  • Character information

This information is then collected and sent to a remote server. In the wild, PWS:Win32/Dozmot.D has been observed to steal information from the game "Perfect World". However, other Dozmot.D samples may target other games.

Terminates processes

PWS:Win32/Dozmot.D attempts to terminate the game process to force the user to re-login.

    Analysis by Chun Feng

    Last update 17 September 2010
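
A detection heuristic for the payload behaviour described above (game-process memory modification followed by forced termination), as an added example that is not part of the original analysis: it flags any process that obtains memory-write access to a watched game process and records whether the game exited shortly afterwards. The event layout mirrors Sysmon ProcessAccess and ProcessTerminate fields in simplified form; all paths, PIDs and events are constructed placeholders, since the page names no files.

```python
from datetime import datetime, timedelta

# Windows process access rights (winnt.h).
PROCESS_TERMINATE = 0x0001
PROCESS_VM_WRITE = 0x0020

# Placeholder paths; the page names no executables or file paths.
GAME = r"C:\Games\example\game_client.exe"
UNKNOWN = r"C:\Users\user\AppData\Local\Temp\unknown.exe"

# Constructed events shaped like Sysmon ProcessAccess (ID 10) and
# ProcessTerminate (ID 5) records; not taken from a real infection.
EVENTS = [
    {"id": 10, "time": "2024-01-01 10:00:01", "source": r"C:\Windows\explorer.exe",
     "target": GAME, "target_pid": 4120, "access": "0x1410"},  # query/read only
    {"id": 10, "time": "2024-01-01 10:00:05", "source": UNKNOWN,
     "target": GAME, "target_pid": 4120, "access": "0x0039"},  # write + terminate
    {"id": 10, "time": "2024-01-01 10:00:06", "source": UNKNOWN,
     "target": r"C:\Windows\notepad.exe", "target_pid": 988, "access": "0x0039"},
    {"id": 5, "time": "2024-01-01 10:00:09", "image": GAME, "pid": 4120},
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")

def find_tamper_then_exit(events, watched, window_s=60):
    """Flag handles with memory-write access to a watched process and note
    whether that process exited within window_s seconds of the access."""
    watched = {path.lower() for path in watched}
    exits = [(e["pid"], _ts(e["time"])) for e in events if e["id"] == 5]
    findings = []
    for e in events:
        if e["id"] != 10 or e["target"].lower() not in watched:
            continue
        mask = int(e["access"], 16)
        if not mask & PROCESS_VM_WRITE:
            continue  # read-only handles cannot modify process memory
        opened = _ts(e["time"])
        exited = any(pid == e["target_pid"]
                     and timedelta(0) <= when - opened <= timedelta(seconds=window_s)
                     for pid, when in exits)
        findings.append({"source": e["source"], "target_pid": e["target_pid"],
                         "can_terminate": bool(mask & PROCESS_TERMINATE),
                         "target_exited": exited})
    return findings

if __name__ == "__main__":
    for finding in find_tamper_then_exit(EVENTS, [GAME]):
        print(finding)
```

The termination event does not identify which process ended the game, so a hit is a lead for triage rather than proof; legitimate anti-cheat or overlay software may also hold write handles and belongs on an allowlist.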

     
