
PWS:Win32/QQpass.CJZ


First posted on 22 February 2012.
Source: Microsoft

Aliases:

PWS:Win32/QQpass.CJZ is also known as Trojan.PWS.Qqpass.7398 (Dr.Web), Trojan-PWS.Win32.QQpass (Ikarus), Trojan-PSW.Win32.QQPass.atwf (Kaspersky).

Explanation:

PWS:Win32/QQpass.CJZ is a DLL file that overwrites a legitimate file component of the Baidu upgrade portal program. Once loaded, it steals the user's QQ account name and password and sends them to a remote attacker.





Installation

PWS:Win32/QQpass.CJZ overwrites the legitimate file "bdaucommon.dll". This file is a DLL component of "bdupdate.exe", Baidu's update program.



Payload

Steals user information

If called by "bdupdate.exe", PWS:Win32/QQpass.CJZ steals the user's Baidu user name and password, and sends the information to the following server:

173.255.194.254

As of this writing, the server is unavailable.
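The two facts a defender can act on in this entry are the overwritten component (a DLL loaded by "bdupdate.exe") and the server it reports to. The script below is an added example, not part of the original advisory or of any Microsoft or Baidu code: it checks a copy of the DLL against a known-good hash and scans connection records for traffic to the listed server. The baseline hash is a placeholder (the advisory publishes none), and the log line format is constructed for the example.

```python
"""Added example: file-integrity and network checks for the indicators in the
PWS:Win32/QQpass.CJZ entry. Not code from the advisory's author."""
import hashlib
import re
from typing import Dict, List

# Indicators quoted from the advisory.
DLL_NAME = "bdaucommon.dll"
UPDATER_NAME = "bdupdate.exe"
C2_ADDRESS = "173.255.194.254"

# Placeholder: the advisory gives no hash, so the reader supplies the SHA-256
# of a known-good bdaucommon.dll taken from a clean Baidu installation.
KNOWN_GOOD_SHA256 = "<sha256 of known-good bdaucommon.dll>"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (the file contents read in binary mode)."""
    return hashlib.sha256(data).hexdigest()


def dll_matches_baseline(dll_bytes: bytes, baseline_sha256: str) -> bool:
    """True when the on-disk DLL still hashes to the known-good value.

    A mismatch does not prove this specific family, but an overwritten
    updater component is exactly what the Installation section describes."""
    return sha256_hex(dll_bytes) == baseline_sha256.strip().lower()


# Constructed connection-log format (assumed, not a real product's format):
#   <timestamp> <process image name> <dst ip>:<dst port> <bytes sent>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+(?P<bytes>\d+)$"
)


def find_c2_connections(lines: List[str]) -> List[Dict[str, object]]:
    """Return parsed records whose destination is the advisory's server.

    Records are tagged with whether the source process is the Baidu updater,
    since the advisory says the DLL acts when loaded by bdupdate.exe."""
    hits: List[Dict[str, object]] = []
    for raw in lines:
        match = LOG_RE.match(raw.strip())
        if not match:
            continue  # malformed line; skipped rather than crashing the scan
        if match.group("ip") != C2_ADDRESS:
            continue
        record: Dict[str, object] = dict(match.groupdict())
        record["via_updater"] = match.group("proc").lower() == UPDATER_NAME
        hits.append(record)
    return hits


# Constructed sample input for a stand-alone run.
SAMPLE_LOG = [
    "2012-02-22T10:00:01Z bdupdate.exe 173.255.194.254:80 512",
    "2012-02-22T10:00:05Z bdupdate.exe 203.0.113.10:443 2048",
    "this line is not in the expected format",
    "2012-02-22T10:01:00Z explorer.exe 173.255.194.254:8080 64",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print("connection to listed server:", hit)
    # Constructed bytes stand in for the real file; the baseline would be
    # computed once from a clean copy and stored.
    clean = b"clean dll contents"
    baseline = sha256_hex(clean)
    print("clean copy matches:", dll_matches_baseline(clean, baseline))
    print("tampered copy matches:", dll_matches_baseline(b"replaced", baseline))
```

In practice the hash check runs over the real `bdaucommon.dll` path on each host and the log scan over proxy or firewall exports; the constructed lines here only show the shape of the output.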



Analysis by Haoran Yu

Last update 22 February 2012
