
TrojanSpy:Win32/Camec.A


First posted on 10 September 2010.
Source: SecurityHome

Aliases :

TrojanSpy:Win32/Camec.A is also known as Trojan-Spy.Win32.Camec (Ikarus).

Explanation :

TrojanSpy:Win32/Camec.A is a trojan that gathers user credentials, which are then stored on a remote server.

Installation

TrojanSpy:Win32/Camec.A is installed as a Browser Helper Object (BHO) by TrojanDownloader:Win32/Camec.A. It may arrive in the computer as the following file:

  • <system folder>/shdoflash.dll

Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

Payload

Steals user credentials

TrojanSpy:Win32/Camec.A intercepts browser communication to steal the user's credentials when the user visits any of the following websites:

  • bancobrasil.com.br
  • bradesco.com.br
  • caixa.gov.br
  • hotmail.com
  • live.com
  • msn.com
  • santandernet.com.br

TrojanSpy:Win32/Camec.A then saves all gathered information to a database located on a remote server.

    Analysis by Marian Radu

    Last update 10 September 2010
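
A defender-side check for the installation method described above, added here as an example and not part of the original write-up: it lists the Browser Helper Objects registered on a machine, resolves each to its DLL, and flags the file name shdoflash.dll. The registry locations are the standard machine-wide BHO and CLSID keys, which are an assumption because the page does not list them.

```powershell
# Added example (not from the original write-up): audit registered Browser
# Helper Objects and flag the DLL file name given in the description.
# Assumption: the standard machine-wide BHO and CLSID registry locations,
# which the page itself does not list.
$suspectName = 'shdoflash.dll'
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $key.PSChildName
        $inproc = "$($view.Clsid)\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The default value of InprocServer32 is the DLL loaded into the browser
            $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
            $dll = $dll.Trim('"', ' ')
        }
        # From 64-bit PowerShell, a System32 path registered in the 32-bit view
        # is redirected to SysWOW64 for the browser; check both when triaging.
        $signature = 'n/a'
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $signature = (Get-AuthenticodeSignature -FilePath $dll).Status
        }
        [pscustomobject]@{
            Clsid     = $clsid
            Dll       = $dll
            Signature = $signature
            NameMatch = [bool]($dll -and
                ([System.IO.Path]::GetFileName($dll) -ieq $suspectName))
        }
    }
}

$report | Sort-Object NameMatch -Descending | Format-Table -AutoSize -Wrap
if ($report | Where-Object NameMatch) {
    Write-Warning "A registered BHO points at $suspectName; review that CLSID."
}
```

A name match is a lead for further triage, not confirmation, and per-user COM registrations under HKCU are not covered by this check.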

     
