
Trojan-Dropper:W32/Ambler.D


First posted on 19 December 2008.
Source: SecurityHome

Aliases :

There are no other names known for Trojan-Dropper:W32/Ambler.D.

Explanation :

This type of trojan contains one or more malicious programs, which it will secretly install and execute.

This malware drops a malicious file that steals credentials from Internet banking websites.

Installation
The following component is injected into the iexplorer.exe process:

  • %windir%\system32\svchstb.dll

The injected code is registered as an Internet Explorer Browser Helper Object (BHO). It is the main component file, and it allows the malware to steal passwords from Internet Explorer's auto-complete password cache.

The malware also attempts to connect to a remote server and download files from it:

  • http://vcounter.cn/[...]/cd.php?userid=random_number
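For detection, the download request described above can be searched for in web proxy logs. The following is an added example, not part of the original description: the log format and sample lines are constructed, and treating `random_number` as a run of ASCII digits is an assumption. The elided `[...]` path segment is left unknown, so any path ending in `cd.php` on that host is matched.

```python
from urllib.parse import urlsplit, parse_qs

C2_HOST = "vcounter.cn"   # host named in the description above
C2_SCRIPT = "cd.php"      # script named in the description above

# Constructed sample log (assumed format: timestamp client method url status)
SAMPLE_LOG = """\
2008-12-19T10:01:02Z 10.0.0.15 GET http://vcounter.cn/a/b/cd.php?userid=48213 200
2008-12-19T10:01:05Z 10.0.0.15 GET http://example.com/cd.php?userid=48213 200
2008-12-19T10:02:11Z 10.0.0.22 GET http://VCOUNTER.CN:80/x/cd.php?userid=7 404
2008-12-19T10:03:40Z 10.0.0.31 GET http://vcounter.cn.example.org/x/cd.php?userid=9 200
2008-12-19T10:04:00Z 10.0.0.40 GET http://vcounter.cn/x/cd.php?userid=abc 200
malformed line
"""

def is_ambler_checkin(url):
    """True if url is <host>/<any path>/cd.php?userid=<digits>."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    # Exact host or a subdomain of it; look-alike suffixes must not match.
    if host != C2_HOST and not host.endswith("." + C2_HOST):
        return False
    # The middle of the path is elided on the page, so only the last segment is checked.
    if parts.path.rsplit("/", 1)[-1].lower() != C2_SCRIPT:
        return False
    values = parse_qs(parts.query).get("userid", [])
    return any(v.isascii() and v.isdigit() for v in values)

def find_hits(log_text):
    """Return (timestamp, client, url) for every log line that matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url = fields[:4]
        if is_ambler_checkin(url):
            hits.append((ts, client, url))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

Each client address returned is a host to examine for the injected `svchstb.dll` component and its BHO registration.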

Last update 19 December 2008

 
