PWS:Win32/Bzub.gen
First posted on 06 March 2012.
Source: Microsoft
Aliases:
PWS:Win32/Bzub.gen is also known as Win-Trojan/Bzub.77016.C (AhnLab), W32/Trojan.ZMI (Command), W32/BZub.MW (Norman), Trojan.DR.BZub.Gen.5 (VirusBuster), PSW.Generic3.ALT (AVG), TR/Drop.Ebill.A (Avira), Trojan.Spy.Bzub.CV (BitDefender), Trojan.PWS.Tanspy (Dr.Web), Win32/Spy.BZub.HK trojan (ESET), MalwareScope.Trojan-Spy.BZub.3 (Ikarus), Trojan-Spy.Win32.BZub.hk (Kaspersky), Trojan.Spy.Bzub.re (Rising AV), Mal/Cimuz-A (Sophos), Infostealer.Bzup (Symantec), TSPY_BZUB.JF (Trend Micro).
Explanation:
PWS:Win32/Bzub.gen is a generic detection for the installer of a malicious web Browser Helper Object (BHO) or a DLL that may monitor typed logon credentials for accessed websites.
Installation
When executed, PWS:Win32/Bzub.gen drops and installs a malicious web Browser Helper Object (BHO) or a DLL that is loaded within Internet Explorer as a BHO.
The dropped component may be detected as PWS:Win32/Bzub.gen!dll.
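Because the dropped component runs as a BHO inside Internet Explorer, a host can be triaged by listing every registered BHO, resolving its CLSID to the DLL on disk, and checking that DLL's Authenticode status. The script below is an added example, not part of the original write-up; the registry paths are the standard Windows BHO and COM registration keys (an assumption, the page names none), and Get-BhoInventory is a hypothetical helper name.

```powershell
# Added example: inventory Internet Explorer BHOs and the DLL behind each one.
# Assumption: standard machine-wide BHO/COM registration keys; the page lists no paths.
$bhoKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views  = @(
    @{ Name = 'Native'; Root = 'HKLM:\SOFTWARE' },              # 64-bit IE (or 32-bit OS)
    @{ Name = 'WOW64';  Root = 'HKLM:\SOFTWARE\WOW6432Node' }   # 32-bit IE on 64-bit OS
)

function Get-BhoInventory {
    foreach ($view in $views) {
        $bhoRoot = Join-Path $view.Root $bhoKey
        if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
            $clsid  = $key.PSChildName
            $inproc = Join-Path $view.Root "Classes\CLSID\$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $inproc) {
                # The default value of InprocServer32 holds the DLL path.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
                if ($dll) { $dll = $dll.Trim('"') }
            }

            # A BHO whose DLL is missing or unsigned deserves a closer look.
            $status = 'NoDllRegistered'
            if ($dll) {
                if (Test-Path -LiteralPath $dll) {
                    $status = (Get-AuthenticodeSignature -LiteralPath $dll).Status
                } else {
                    $status = 'FileMissing'
                }
            }

            [pscustomobject]@{
                View      = $view.Name
                Clsid     = $clsid
                Dll       = $dll
                Signature = $status
            }
        }
    }
}

# Show only entries that are not validly signed, for manual review.
Get-BhoInventory | Where-Object { "$($_.Signature)" -ne 'Valid' } | Format-Table -AutoSize
```

An unsigned BHO is a lead for review rather than a verdict; compare flagged DLLs against the antivirus detection name PWS:Win32/Bzub.gen!dll. Per-user COM registrations under HKCU are not covered by this script.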
Payload
Steals sensitive information
PWS:Win32/Bzub.gen may monitor user-entered URLs and web form data, which it may then send to a remote attacker.
Analysis by Jireh Sanico
Last update 06 March 2012