New trojan found: Admin.HLP leaks organizations data

From Botnets.fr
Revision as of 15:27, 7 February 2015 by Eric.freyssinet (1 revision imported)


Botnet: Admin.HLP
Date: 2012
Editor/Conference: ERT Threat Alert
Link: http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/
Author: Eyal Benishti

Abstract

Radware’s ERT Research Lab released a threat alert regarding a new Trojan key logger malware, named Admin.HLP, that was first found on 28 August 2012 at one of its customers. Admin.HLP is malicious software that monitors keystrokes on the victim’s computer and collects user passwords, credit card numbers and other sensitive information. It then sends all the stolen data out of the organization to the attackers’ remote servers over a secured HTTPS connection. The Admin.HLP Trojan is hidden within a standard Windows help file named Amministrazione.hlp, which is attached to emails. This standard help file does not trigger any installed anti-virus programs, so it goes under the radar of standard anti-virus solutions. Once the victim opens the Windows help file, the Admin.HLP Trojan installs itself on the victim’s computer, where it starts to collect keystrokes. The Trojan periodically sends the stored keystrokes to the attackers’ remote server. To remain persistent, Admin.HLP creates a startup file in Windows, guaranteeing that the Trojan is invoked after every restart of the computer.

Bibtex

 @misc{Benishti2012BFR376,
   editor = {ERT Threat Alert},
   author = {Eyal Benishti},
   title = {New trojan found: Admin.HLP leaks organizations data},
   date = {28},
   month = Feb,
   year = {2012},
   howpublished = {\url{http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/}},
 }