
PWS:Win32/Dozmot.E


First posted on 23 October 2010.
Source: SecurityHome

Aliases :

There are no other names known for PWS:Win32/Dozmot.E.

Explanation :

PWS:Win32/Dozmot.E is a password stealer for certain online games, such as "World of Warcraft" (WoW). It collects information such as the user's account and password, and sends the data to a remote server.

Installation

PWS:Win32/Dozmot.E may be dropped by TrojanDropper:Win32/Dozmot.D to the affected computer.

Payload

Steals online game information

PWS:Win32/Dozmot.E modifies the game process in memory, then attempts to steal the following information from currently-running online game processes:

User name
Password
Server address
Character information

This information is then collected and sent to a remote server. In the wild, PWS:Win32/Dozmot.E has been observed to steal information from the game "World of Warcraft". Other PWS:Win32/Dozmot.E samples may target other games.

Terminates game application

PWS:Win32/Dozmot.E attempts to terminate the game process to force the user to re-login.

Analysis by Chun Feng

Last update 23 October 2010

 
