https://www.botnets.fr/index.php?title=New_trojan_found:_Admin.HLP_leaks_organizations_data&feed=atom&action=history
New trojan found: Admin.HLP leaks organizations data - Revision history
2024-03-29T15:29:40Z
Revision history for this page on the wiki
MediaWiki 1.36.1
https://www.botnets.fr/index.php?title=New_trojan_found:_Admin.HLP_leaks_organizations_data&diff=2478&oldid=prev
Eric.freyssinet: 1 revision imported
2015-02-07T14:27:53Z
<p>1 revision imported</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:27, 7 February 2015</td>
</tr>
<!-- diff cache key wiki:diff::1.12:old-774:rev-2478 -->
</table>
Eric.freyssinet
https://www.botnets.fr/index.php?title=New_trojan_found:_Admin.HLP_leaks_organizations_data&diff=774&oldid=prev
Eric.freyssinet at 14:38, 21 December 2014
2014-12-21T14:38:28Z
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:38, 21 December 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l5">Line 5:</td>
<td colspan="2" class="diff-lineno">Line 5:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Year=2012</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Year=2012</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Botnet=Admin.HLP</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Botnet=Admin.HLP</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|<del style="font-weight: bold; text-decoration: none;">Extract</del>=Radware’s ERT Research Lab released a threat alert regarding a new Trojan Key </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|<ins style="font-weight: bold; text-decoration: none;">Abstract</ins>=Radware’s ERT Research Lab released a threat alert regarding a new Trojan Key </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Logger malware, named Admin.HLP, that was found 28 August, 2012 for the first </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Logger malware, named Admin.HLP, that was found 28 August, 2012 for the first </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>time at one of its customers. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>time at one of its customers. </div></td></tr>
<!-- diff cache key wiki:diff::1.12:old-773:rev-774 -->
</table>
Eric.freyssinet
https://www.botnets.fr/index.php?title=New_trojan_found:_Admin.HLP_leaks_organizations_data&diff=773&oldid=prev
Eric.freyssinet: Created page with "{{Publication |Link=http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/ |Author=Eyal Benishti |Editor=ERT Threat Al..."
2014-12-21T14:38:09Z
<p>Created page with "{{Publication |Link=http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/ |Author=Eyal Benishti |Editor=ERT Threat Al..."</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:38, 21 December 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{Publication</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>{{Publication</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|Link=http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/ <del style="font-weight: bold; text-decoration: none;">blog.radware.com</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|Link=http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Author=Eyal Benishti</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Author=Eyal Benishti</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|<del style="font-weight: bold; text-decoration: none;">NomRevue</del>=ERT Threat Alert</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|<ins style="font-weight: bold; text-decoration: none;">Editor</ins>=ERT Threat Alert</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">|Date=28 août 2012</del></div></td><td colspan="2"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">|Editor=Radware</del></div></td><td colspan="2"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Year=2012</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Year=2012</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Botnet=Admin.HLP</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Botnet=Admin.HLP</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|<del style="font-weight: bold; text-decoration: none;">Abstract</del>=Radware’s ERT Research Lab released a threat alert regarding a new Trojan Key </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|<ins style="font-weight: bold; text-decoration: none;">Extract</ins>=Radware’s ERT Research Lab released a threat alert regarding a new Trojan Key </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Logger malware, named Admin.HLP, that was found 28 August, 2012 for the first </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Logger malware, named Admin.HLP, that was found 28 August, 2012 for the first </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>time at one of its customers. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>time at one of its customers. </div></td></tr>
<!-- diff cache key wiki:diff::1.12:old-2477:rev-773 -->
</table>
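Review bot: the removed line "|Date=28 août 2012" has no counterpart on the right-hand side, so after this revision the template records only "|Year=2012" and the exact publication day survives only inside the abstract text; consider keeping a Date field. The same hunk removes "|Editor=Radware" and reuses the Editor key for the former NomRevue value "ERT Threat Alert", so the publisher name is no longer held in any field; if the template has a separate field for the series name, put "ERT Threat Alert" there and keep Editor as Radware.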
Eric.freyssinet
https://www.botnets.fr/index.php?title=New_trojan_found:_Admin.HLP_leaks_organizations_data&diff=2477&oldid=prev
Eric.freyssinet at 22:05, 28 August 2012
2012-08-28T22:05:20Z
<p><b>New page</b></p><div>{{Publication<br />
|Link=http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/ blog.radware.com<br />
|Author=Eyal Benishti<br />
|NomRevue=ERT Threat Alert<br />
|Date=28 août 2012<br />
|Editor=Radware<br />
|Year=2012<br />
|Botnet=Admin.HLP<br />
|Abstract=Radware’s ERT Research Lab released a threat alert regarding a new Trojan Key <br />
Logger malware, named Admin.HLP, that was found 28 August, 2012 for the first <br />
time at one of its customers. <br />
Admin.HLP, the newly found Trojan, is malicious software that monitors keystrokes<br />
on the victim’s computer, collects user passwords, credit card numbers and other <br />
sensitive information. It then sends all the stolen data out of the organization to the <br />
attackers’ remote servers over a secured HTTPS connection.<br />
The Admin.HLP Trojan is hidden within a standard Windows help file named <br />
Amministrazione.hlp and it is attached to emails. This standard help file does not <br />
activate any installed anti-virus programs, and therefore it goes under the radar of <br />
standard anti-virus solutions. Once the victim opens the Windows help file, the <br />
Admin.HLP Trojan installs itself on the victim’s computer where it starts to collect <br />
keystrokes. The Trojan periodically sends the stored keystrokes to the attackers’ <br />
remote server.<br />
To remain a persistent Trojan threat, Admin.HLP creates a startup file in Windows, <br />
guaranteeing that the Trojan is invoked after every restart of the computer.<br />
}}</div>
Eric.freyssinet