Jiangmin 7.2 Virus Broadcast
Jiangmin reminds you: among today's viruses, Trojan/PSW.WOW.ahc ("Warcraft Thief" variant AHC) and Packed.Klone.bdu ("Mr. Clone" variant BDU) deserve attention.
English name: Trojan/PSW.WOW.ahc
Chinese name: "Warcraft thief" variant AHC
Virus Length: 57344 bytes
Virus type: Theft Trojan
Danger level: ★
Affected platforms: Win 9x/Me/NT/2000/XP/2003
MD5 checksum: 6b4b6b5f912dade13843eac3d6c3ce78
Feature description:
Trojan/PSW.WOW.ahc, "Warcraft Thief" variant AHC, is one of the newest members of the "Warcraft Thief" Trojan family and is written in Microsoft Visual C++ 6.0. After running, "Warcraft Thief" variant AHC copies itself to the "C:\Program files\thunmail\" directory of the infected system and renames itself "Testabd.exe". It also drops the malicious DLL component "Testabd.dll" in the same directory, and sets the attributes of these files and of the folder to system, read-only and hidden. "Warcraft Thief" variant AHC is a Trojan built specifically to steal "World of Warcraft" online game accounts, and it usually runs covertly after being injected into a designated process. The Trojan uses message hooks, memory interception and other techniques to steal the game account, game password, location, character level, amount of money, warehouse password and other information, and in the background sends the stolen information to the URL specified by the hacker, "http://www.wow* Nwowgold.com/wow/wow.asp" (the address is stored encrypted). As a result, the player's account, equipment, items, money and so on may be lost, causing the player varying degrees of loss. "Warcraft Thief" variant AHC also steals the user's "MSN", "Google" and "Yahoo" account passwords and sends them to the server designated by the hacker, causing users varying degrees of virtual property loss. "Warcraft Thief" variant AHC deletes itself after installation in order to remove traces. In addition, it starts automatically by adding the value "Svc" to the registry startup entries of the infected system and by modifying the "AppInit_DLLs" value.
English name: Packed.Klone.bdu
Chinese name: "Mr. Clone" variant BDU
Virus Length: 397312 bytes
Virus type: Trojan Horse
Danger level: ★
Affected platforms: Win 9x/Me/NT/2000/XP/2003
MD5 checksum: d0c5ad3d08208d81c57d834219515c98
Feature description:
Packed.Klone.bdu, "Mr. Clone" variant BDU, is one of the newest members of the "Mr. Clone" Trojan family. It is written in a high-level language and has been packed. After "Mr. Clone" variant BDU runs, it copies itself to the "%systemroot%\360tray\" directory of the infected system and renames itself "360tray.exe" (the file attributes are "system, hidden, read-only"). It then repeatedly tries to connect to the control end (address: a370240832.gi*p.net:8000); if the connection succeeds, the infected computer becomes a puppet host. Hackers can send malicious instructions to the infected computer and perform arbitrary control operations (including but not limited to: file management, process control, registry operations, service management, remote command execution, screen monitoring, keyboard monitoring, mouse control, audio monitoring, video surveillance, etc.), infringing the user's personal privacy and even trade secrets to varying degrees. Hackers can also send a large number of malicious programs to the puppet host, which poses a more serious threat to the user's information security. In addition, "Mr. Clone" variant BDU registers a system service named "360tray.exe" on the infected system so that the Trojan starts automatically.
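The host artefacts named in the two descriptions above (drop paths, MD5 checksums, the "Svc" startup value, the AppInit_DLLs change and the "360tray.exe" service) can be checked against an inventory collected from a machine. The following is an added example, not code from Jiangmin; the snapshot layout and the names norm, triage and SAMPLE are assumptions, and the two partly masked network addresses are not used.

```python
import ntpath

# Indicators copied from the bulletin. The snapshot layout is an assumption.
WOW, KLONE = "Trojan/PSW.WOW.ahc", "Packed.Klone.bdu"
MD5S = {"6b4b6b5f912dade13843eac3d6c3ce78": WOW,
        "d0c5ad3d08208d81c57d834219515c98": KLONE}
PATHS = {r"C:\Program files\thunmail\Testabd.exe": WOW,
         r"C:\Program files\thunmail\Testabd.dll": WOW,
         r"%systemroot%\360tray\360tray.exe": KLONE}

def norm(path, systemroot):
    """Expand %systemroot% and fold case/slashes the way Windows compares paths."""
    lowered = path.lower().replace("%systemroot%", systemroot.lower())
    return ntpath.normcase(ntpath.normpath(lowered))

def triage(snap):
    """Return a sorted list of (family, reason) hits for one host snapshot."""
    root = snap["systemroot"]
    known = {norm(p, root): fam for p, fam in PATHS.items()}
    hits = set()
    for path, md5 in snap["files"]:
        if md5.lower() in MD5S:
            hits.add((MD5S[md5.lower()], "md5 match: " + path))
        elif norm(path, root) in known:
            # Same drop location but a different hash: possibly another variant.
            hits.add((known[norm(path, root)], "drop path: " + path))
    if "testabd.dll" in snap["appinit_dlls"].lower():
        hits.add((WOW, "AppInit_DLLs loads Testabd.dll"))
    if any(name.lower() == "svc" for name in snap["run_values"]):
        # Weak on its own: the bulletin gives only the value name.
        hits.add((WOW, "startup value named Svc"))
    if any(name.lower() == "360tray.exe" for name in snap["services"]):
        hits.add((KLONE, "service named 360tray.exe"))
    return sorted(hits)

# Constructed snapshot of one host (sample data, not a real capture).
SAMPLE = {
    "systemroot": r"C:\WINDOWS",
    "files": [(r"c:\windows\360TRAY\360tray.exe", "d0c5ad3d08208d81c57d834219515c98"),
              (r"C:/Program Files/thunmail/testabd.dll", "0" * 32),
              (r"C:\Program Files\360\360safe\safemon\360tray.exe", "1" * 32)],
    "appinit_dlls": r"C:\PROGRA~1\thunmail\Testabd.dll",
    "run_values": {"Svc": r"C:\Program files\thunmail\Testabd.exe", "ctfmon": "ctfmon.exe"},
    "services": ["Dhcp", "360tray.exe"],
}

if __name__ == "__main__":
    for family, reason in triage(SAMPLE):
        print(family, "-", reason)
```

A file called 360tray.exe outside "%systemroot%\360tray\" is not flagged unless its MD5 matches, so the file name alone does not produce a hit.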