Home / malware Trojan-Dropper:W32/Ambler.D
First posted on 19 December 2008.
Source: SecurityHomeAliases :
There are no other names known for Trojan-Dropper:W32/Ambler.D.
Explanation :
This type of trojan contains one or more malicious programs, which it will secretly install and execute.
right]This malware drops a malicious file that steals credentials from Internet banking websites.
Installation
The following component is injected into the iexplorer.exe process:
- %windir%system32svchstb.dll
The injected code is registered as Internet Explorer's Browser Helper Object (BHO). This injected code is the main component file that allows the malware to steal passwords from Internet Explorer's auto-complete passwords cache.
The malware also attempts to connect to a remote server and download files from it:
- http://vcounter.cn/[...]/cd.php?userid=random_number
Last update 19 December 2008