[Malware Review] Trojan.PWS.KATES.AG
The moment it reaches a new system, Trojan.PWS.KATES creates a copy of itself at %userprofile%\Templates\memory.tmp. Once this copy is in place, the original file is deleted.
Next, the Trojan creates a "Windows Server" subdirectory under Local Settings\Application Data and drops a 3 KB DLL named pwfsdy.dll there. The DLL's creation, last-access and last-write times are overwritten with those of user32.dll so that the file does not stand out in a timeline. To get the DLL loaded automatically, the Trojan writes a value named AppSecDll under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls. Windows loads every DLL listed under that key into each process that calls the CreateProcess family of APIs, so any program the user installs or runs that starts another program also loads the malware.
pwfsdy.dll itself is only a loader: it reads the binary data stored at HKEY_CURRENT_USER\SOFTWARE\lbtppwfsdy\lbtppwfsdy and executes it.
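The following PowerShell triage script is an added example, not code from the Bitdefender write-up. It checks a host for the artifacts described above: values under the AppCertDlls key pointing to DLLs outside System32, a DLL whose timestamps exactly match user32.dll (the timestomping trick the sample uses), the memory.tmp copy and the pwfsdy.dll drop, and the HKCU payload blob. The file names, key names and the 3 KB size come from the article; the size threshold, the "outside System32" heuristic and the exact-timestamp rule are my assumptions.

```powershell
# Added triage script (not part of the original review). Run in an elevated
# PowerShell on the host being examined. Names taken from the article are
# marked; everything else is an assumption made for this example.

$AppCertKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'  # from the article
$PayloadKey = 'HKCU:\SOFTWARE\lbtppwfsdy'                                           # from the article
$User32     = Get-Item -LiteralPath (Join-Path $env:SystemRoot 'System32\user32.dll')

function Test-TimeStomped {
    # The sample copies user32.dll's timestamps onto its DLL. Exact equality of
    # creation and last-write time is the tell (assumption: no legitimate DLL
    # matches user32.dll to the tick).
    param([System.IO.FileInfo]$File)
    return ($File.CreationTimeUtc  -eq $User32.CreationTimeUtc) -and
           ($File.LastWriteTimeUtc -eq $User32.LastWriteTimeUtc)
}

function Get-AppCertDllFindings {
    # Every value under AppCertDlls names a DLL that Windows injects into any
    # process calling CreateProcess and friends. The key is absent on most
    # clean systems, so its mere presence deserves a look.
    if (-not (Test-Path -LiteralPath $AppCertKey)) { return @() }
    $key = Get-Item -LiteralPath $AppCertKey
    foreach ($name in $key.GetValueNames()) {
        $dll   = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        $flags = @()
        if ($dll -notlike (Join-Path $env:SystemRoot 'System32\*')) { $flags += 'outside System32' }
        if (Test-Path -LiteralPath $dll) {
            $f = Get-Item -LiteralPath $dll
            # pwfsdy.dll is only 3 KB; 8 KB is an assumed cut-off for "tiny loader"
            if ($f.Length -lt 8KB)   { $flags += "tiny loader ($($f.Length) bytes)" }
            if (Test-TimeStomped $f) { $flags += 'timestamps copied from user32.dll' }
        } else {
            $flags += 'file not found'
        }
        [pscustomobject]@{ Value = $name; Dll = $dll; Flags = ($flags -join '; ') }
    }
}

function Get-DropArtifacts {
    # Dropped-file locations from the article, resolved through the shell
    # folder API so they work on XP-era and current profile layouts.
    $templates = [Environment]::GetFolderPath('Templates')
    $localApp  = [Environment]::GetFolderPath('LocalApplicationData')
    foreach ($p in @((Join-Path $templates 'memory.tmp'),
                     (Join-Path $localApp 'Windows Server\pwfsdy.dll'))) {
        [pscustomobject]@{ Path = $p; Present = (Test-Path -LiteralPath $p); Bytes = 0 }
    }
    # The loader reads its payload from a binary registry value; report its size.
    $blob = $null
    if (Test-Path -LiteralPath $PayloadKey) {
        $blob = (Get-ItemProperty -LiteralPath $PayloadKey -ErrorAction SilentlyContinue).lbtppwfsdy
    }
    $len = if ($blob) { $blob.Length } else { 0 }
    [pscustomobject]@{ Path = "$PayloadKey\lbtppwfsdy"; Present = ($null -ne $blob); Bytes = $len }
}

Write-Host '== AppCertDlls values =='
Get-AppCertDllFindings | Format-Table -AutoSize
Write-Host '== Dropped files and payload blob =='
Get-DropArtifacts | Format-Table -AutoSize
```

Any row whose Flags column reads "outside System32" together with "timestamps copied from user32.dll" matches the behaviour described in this review and should be treated as an infection until proven otherwise; a populated AppCertDlls key on its own is worth checking even when the DLL looks benign, because it is injected into every process that spawns another process.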
The payload becomes active once the Trojan is loaded into the browser the victim uses to access the web, whether that is Firefox®, Opera® or Internet Explorer®. Trojan.PWS.KATES hooks the functions that send and receive data over the Internet connection, filters what appear to be search-engine result pages and randomly replaces results with URLs that send the user to unwanted destinations, such as fake online antivirus scanners or pornographic websites.
Apart from constantly tampering with the user’s browsing, Trojan.PWS.KATES also captures the user’s passwords and any other sensitive data submitted through the browser and ships them to the malware author’s servers.
The technical information in this article is available courtesy of BitDefender virus researcher Voicu Hodrea.