Win32/Aibatook [Threat Name] go to Threat

Win32/Aibatook.A [Threat Variant Name]

Category trojan
Size 77824 B
Aliases Trojan.Win32.Small.btgd (Kaspersky)
  TR/Spy.77824.1505 (Avira)
Short description

Win32/Aibatook.A is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %startup%\­mccsrss.exe

This way the trojan ensures that the file is executed on every system start.

Information stealing

The trojan collects sensitive information when the user browses certain web sites.


The trojan collects passwords used to access the following site:

  • jp-bank.japanpost.jp
  • bk.mufg.jp

The following programs are affected:

  • Microsoft Internet Explorer

The trojan attempts to send gathered information to a remote machine.


The trojan can modify network traffic.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (8) URLs. The HTTP protocol is used.


It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • update itself to a newer version
  • modify network traffic
  • change the proxy server settings
  • send gathered information
  • remove itself from the infected computer

For further information follow the links below:


* Win32/Aibatook: Banking Trojan Spreading Through Japanese Adult Websites

Please enable Javascript to ensure correct displaying of this content and refresh this page.