
[Malware Review] Trojan.PWS.KATES.AG

Loredana BOTEZATU

July 16, 2010


The moment it reaches a new system, Trojan.PWS.KATES creates a copy of itself at %userprofile%\Templates\memory.tmp. Once this initial task is completed, the original file is deleted.

Next, the malicious file creates a “Windows Server” subdirectory inside Local Settings\Application Data and drops a 3KB .dll file called pwfsdy.dll. The file's access, creation and write times are replaced with those of user32.dll, so the dropped file does not stand out when sorted by timestamp. In order for the .dll file to be loaded automatically each time a program is launched, a registry value is written under SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\AppSecDll. This means that any program the user runs or installs will also load this piece of malware.

Subsequently, the binary data stored in the registry key HKEY_CURRENT_USER\SOFTWARE\lbtp\pwfsdy\lbtp\pwfsdy is executed by the pwfsdy.dll file.
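The two persistence and evasion tricks described above (a DLL registered under the AppCertDlls key, and a dropped file whose timestamps were copied from user32.dll) are both things a defender can check for during triage. The script below is an added example, not code from the article or from BitDefender: it parses a constructed `reg export` snippet for AppCertDlls entries, flags any that point outside the system directories, and looks for non-system files whose three timestamps exactly match user32.dll. The hive (HKEY_LOCAL_MACHINE) is an assumption, as are the sample paths and times; the key path and the AppSecDll value name come from the article.

```python
"""Triage helpers for the persistence/evasion tricks described in the
article (added example; not the article's or BitDefender's own code).
Input is constructed so the script runs offline."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Tuple

# Assumed hive: AppCertDlls lives under HKLM on a real system.
APPCERTDLLS_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
    r"\Session Manager\AppCertDlls"
)

# Constructed snippet in the .reg text format produced by `reg export`.
# The value name AppSecDll and the DLL name come from the article; the
# rest of the path is made up for the example.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"AppSecDll"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\Windows Server\\pwfsdy.dll"
"""

SYSTEM_DIR_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_DIR_MARKERS = ("\\documents and settings\\", "\\users\\",
                    "\\local settings\\", "\\templates\\")


def parse_appcertdlls(reg_text: str) -> Dict[str, str]:
    """Return {value_name: dll_path} for values under the AppCertDlls key."""
    entries: Dict[str, str] = {}
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key is None or current_key.lower() != APPCERTDLLS_KEY.lower():
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m:
            # .reg files escape backslashes as '\\'; undo that for the path.
            entries[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return entries


def suspicious_appcertdlls(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Flag AppCertDlls entries that load from outside the system directories
    or from anywhere inside a user profile (writable without admin rights)."""
    findings = []
    for name, path in entries.items():
        p = path.lower()
        if not p.startswith(SYSTEM_DIR_PREFIXES) or any(mk in p for mk in USER_DIR_MARKERS):
            findings.append((name, path))
    return findings


@dataclass(frozen=True)
class FileRecord:
    path: str
    created: datetime
    modified: datetime
    accessed: datetime


def timestomped_like(reference: FileRecord, candidates: Iterable[FileRecord]) -> List[str]:
    """Return paths of non-system files whose created/modified/accessed times
    all equal the reference file's (an exact three-way match is a strong
    indicator that the timestamps were copied, as the article describes)."""
    stamps = (reference.created, reference.modified, reference.accessed)
    return [
        c.path for c in candidates
        if c.path != reference.path
        and (c.created, c.modified, c.accessed) == stamps
        and not c.path.lower().startswith(SYSTEM_DIR_PREFIXES)
    ]


# Constructed file metadata: user32.dll, the dropped DLL with copied
# timestamps, and two unrelated files with their own timestamps.
_SYS_TIME = datetime(2008, 4, 14, 12, 0, 0)
_SYS_ACCESS = datetime(2010, 7, 16, 9, 30, 0)
USER32 = FileRecord(r"C:\WINDOWS\system32\user32.dll", _SYS_TIME, _SYS_TIME, _SYS_ACCESS)
DROPPED_DLL = r"C:\Documents and Settings\user\Local Settings\Application Data\Windows Server\pwfsdy.dll"
SAMPLE_FILES = [
    USER32,
    FileRecord(DROPPED_DLL, _SYS_TIME, _SYS_TIME, _SYS_ACCESS),
    FileRecord(r"C:\Documents and Settings\user\Templates\memory.tmp",
               datetime(2010, 7, 16, 9, 31, 5), datetime(2010, 7, 16, 9, 31, 5), _SYS_ACCESS),
    FileRecord(r"C:\Documents and Settings\user\My Documents\notes.txt",
               datetime(2010, 7, 1, 8, 0, 0), datetime(2010, 7, 2, 8, 0, 0), datetime(2010, 7, 3, 8, 0, 0)),
]


if __name__ == "__main__":
    for name, path in suspicious_appcertdlls(parse_appcertdlls(SAMPLE_REG_EXPORT)):
        print(f"suspicious AppCertDlls entry {name!r} -> {path}")
    for path in timestomped_like(USER32, SAMPLE_FILES):
        print(f"timestamps identical to user32.dll: {path}")
```

On a live system the same two functions would be fed the output of `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls"` and a directory listing with full timestamps; any AppCertDlls entry outside System32 deserves a look regardless of the DLL's name, since the loader does not care what it is called.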

The payload is triggered once the Trojan is loaded alongside the Internet browser the computer owner uses to access web pages. Whether the browser is Firefox®, Opera® or Internet Explorer®, Trojan.PWS.KATES hooks the functions that transfer data over the Internet connection, filters what appear to be search result pages delivered by search engines, and randomly replaces them with a URL that takes the user to “exotic” destinations such as fake online antivirus scanners or websites containing pornographic content.

Apart from constantly monitoring the user’s choice of sites, Trojan.PWS.KATES also captures users’ passwords and whatever other critical data they submit on the Internet, shipping it to the malware developer’s servers.

The technical information in this article is available courtesy of BitDefender virus researcher Voicu Hodrea.
