New trojan found: Admin.HLP leaks organizations data

From Botnets.fr
Revision as of 23:05, 28 August 2012 by Eric.freyssinet (talk | contribs)

Botnet: Admin.HLP
Date: 2012 / 28 August 2012
Editor/Conference: Radware
Link: http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/
Author: Eyal Benishti

Abstract

Radware’s ERT Research Lab released a threat alert regarding a new Trojan Key Logger malware, named Admin.HLP, that was found 28 August, 2012 for the first time at one of its customers. Admin.HLP, the newly found Trojan, is malicious software that monitors keystrokes on the victim’s computer, collects user passwords, credit card numbers and other sensitive information. It then sends all the stolen data out of the organization to the attackers’ remote servers over a secured HTTPS connection. The Admin.HLP Trojan is hidden within a standard Windows help file named Amministrazione.hlp and it is attached to emails. This standard help file does not activate any installed anti-virus programs, and therefore it goes under the radar of standard anti-virus solutions. Once the victim opens the Windows help file, the Admin.HLP Trojan installs itself on the victim’s computer where it starts to collect keystrokes. The Trojan periodically sends the stored keystrokes to the attackers’ remote server. To remain a persistent Trojan threat, Admin.HLP creates a startup file in Windows, guaranteeing that the Trojan is invoked after every restart of the computer.

Bibtex

 @misc{2012BFR376,
   editor = {Radware},
   author = {Eyal Benishti},
   title = {New trojan found: Admin.HLP leaks organizations data},
   date = {2012-08-28},
   month = aug,
   year = {2012},
   howpublished = {\url{http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/}},
 }