SecurityHome.eu Trojan-PSW:W32/Nilage.AFZ

Home / malware PDF

Trojan-PSW:W32/Nilage.AFZ

First posted on 05 September 2008.
Source: SecurityHome
Aliases :
There are no other names known for Trojan-PSW:W32/Nilage.AFZ.
Explanation :
Trojan-PSW:W32/Nilage.AFZ attempts to steal username and password information for the Lineage MMORPG.

right]Nilage.AFZ terminates the following security related processes:

RavMon.exe

EGHOST.EXE

MAILMON.EXE

KAVPFW.EXE

IPARMOR.EXE

Ravmond.EXE

It also closes the window titled RavMonClass if it exists.

The trojan monitors traffic to the following URLs in order to steal username and password information:

https://cs.lineage.co.kr/account/losePassword/losePasswordCheck.asp

https://cs.lineage.co.kr/account/forgetPassword/forgetPasswordSub.asp

https://cs.lineage.co.kr/account/losePassword/losePasswordForm.asp

https://cs.lineage.co.kr/account/forgetPassword/forgetPasswordForm.asp

The stolen data is stored in c:logo.dat before it is sent to the attacker via e-mail.
Last update 05 September 2008

TOP

Malware :

None in database

Last 20

Trojan-PSW:W32/Nilage.AFZ

Aliases :

Explanation :

Malware :

Family: