New trojan found: Admin.HLP leaks organizations data


Botnet: Admin.HLP
Date: 2012
Editor/Conference: ERT Threat Alert
Author: Eyal Benishti


Radware’s ERT Research Lab released a threat alert regarding a new Trojan key logger malware, named Admin.HLP, that was first found on 28 August 2012 at one of its customers. Admin.HLP is malicious software that monitors keystrokes on the victim’s computer and collects user passwords, credit card numbers and other sensitive information. It then sends all the stolen data out of the organization to the attackers’ remote servers over a secured HTTPS connection. The Admin.HLP Trojan is hidden within a standard Windows help file named Amministrazione.hlp, which is attached to emails. This standard help file does not activate any installed anti-virus programs, and therefore it goes under the radar of standard anti-virus solutions. Once the victim opens the Windows help file, the Admin.HLP Trojan installs itself on the victim’s computer, where it starts to collect keystrokes. The Trojan periodically sends the stored keystrokes to the attackers’ remote server. To remain persistent, Admin.HLP creates a startup file in Windows, guaranteeing that the Trojan is invoked after every restart of the computer.
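A mail-gateway style check for the delivery method described above, as an added example that is not part of the Radware alert: it flags any e-mail attachment that is a Windows help file, either by its .hlp extension or by the WinHelp header magic (0x00035F3F), so a renamed file is still caught. The function names and the sample messages are constructed for illustration.

```python
import email
from email.message import EmailMessage

# WinHelp (.hlp) files start with the magic 0x00035F3F, stored little-endian.
WINHELP_MAGIC = b"\x3f\x5f\x03\x00"


def find_hlp_attachments(raw_message: bytes):
    """Return (filename, reason) for each MIME part that looks like a .hlp file."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        # decode=True undoes base64 / quoted-printable transfer encoding
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(WINHELP_MAGIC):
            # Content check wins: catches help files renamed to another extension
            hits.append((name, "winhelp-magic"))
        elif name.lower().endswith(".hlp"):
            hits.append((name, "hlp-extension"))
    return hits


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses, subject and body are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    # Placeholder bytes: only the 4-byte magic plus padding, not a real help file
    fake_hlp = WINHELP_MAGIC + b"\x00" * 12
    for fname, data in [("Amministrazione.hlp", fake_hlp),
                        ("invoice.doc", fake_hlp),
                        ("report.pdf", b"%PDF-1.4")]:
        print(fname, find_hlp_attachments(build_sample(fname, data)))
```

Since the alert notes that the help file itself does not trigger anti-virus products, quarantining on file type at the gateway does not depend on a signature for the payload.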


 @misc{2012BFR376,
   editor = {ERT Threat Alert},
   author = {Eyal Benishti},
   title = {New trojan found: Admin.HLP leaks organizations data},
   date = {02},
   month = Dec,
   year = {2012},
   howpublished = {\url{}},