
Trojan.PWS.Tupai.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.PWS.Tupai.A.

Explanation :

The file is usually dropped in the Internet Explorer folder under the name setupapi.dll. The trojan is used to steal passwords to FTP servers. To get this information, it searches for well-known FTP programs installed on the client's computer and, depending on which program is installed, tries to decrypt the stored passwords and addresses of FTP servers. After decryption is complete, it re-encrypts the recovered data using its own algorithm and sends it to http://85.225.[hidden].198/ftpg/ftp.php.



The following programs are vulnerable:

SecureFx

IpSwitch

FTPWare

Rhine Software

FileZilla

Total Commander

BulletProof Ftp

GlobalScape Ftp

CoffeeCup Ftp

Ftp Commander Pro

Smart Ftp

Leap Ftp

Far
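
A triage check built from the two indicators in the explanation above, the setupapi.dll copy in the Internet Explorer folder and requests to the /ftpg/ftp.php script. It is an added example, not BitDefender's code. It assumes the genuine setupapi.dll lives only in the Windows system directory and that proxy logs start with the client address and contain the full URL; the log lines and addresses are constructed.

```python
import os
import re
from urllib.parse import urlsplit

DROPPED_NAME = "setupapi.dll"      # file name from the write-up
DROP_DIR = "internet explorer"     # folder from the write-up
EXFIL_PATH = "/ftpg/ftp.php"       # URL path from the write-up
URL_RE = re.compile(r"https?://\S+", re.I)

def find_dropped_dll(roots):
    """Return setupapi.dll copies found directly inside an Internet Explorer folder."""
    hits = []
    for root in roots:
        for d in os.listdir(root):
            ie = os.path.join(root, d)
            if d.lower() != DROP_DIR or not os.path.isdir(ie):
                continue
            # Compare case-insensitively, as Windows file names are.
            hits += [os.path.join(ie, f) for f in os.listdir(ie)
                     if f.lower() == DROPPED_NAME]
    return hits

def find_exfil_requests(log_lines):
    """Return (client, url) for lines whose URL path is the drop-off script."""
    hits = []
    for line in log_lines:
        m = URL_RE.search(line)
        if m and urlsplit(m.group(0)).path.lower() == EXFIL_PATH:
            hits.append((line.split()[0], m.group(0)))
    return hits

# Constructed proxy log lines: client, method, URL, status.
# 192.0.2.10 is a documentation address, not the server in the write-up.
SAMPLE_LOG = [
    "10.0.0.21 POST http://192.0.2.10/ftpg/ftp.php 200",
    "10.0.0.22 GET http://example.com/index.html 200",
    "10.0.0.23 GET http://example.com/docs/ftp.php 200",
]

if __name__ == "__main__":
    roots = [os.environ.get(v) for v in ("ProgramFiles", "ProgramFiles(x86)")]
    for path in find_dropped_dll([r for r in roots if r]):
        print("suspicious DLL:", path)
    for client, url in find_exfil_requests(SAMPLE_LOG):
        print("suspicious request:", client, url)
```

A hit from either function is a lead for further analysis, not a verdict: confirm a flagged DLL with an up-to-date scanner before removing it.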

Last update 21 November 2011

 
