Win32/Aibatook [Threat Name]

Detection created: 2014-05-21
Short description

Win32/Aibatook is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan is usually found in the following folder:

  • %startup%

The following filename is used:

  • csmss.exe

The trojan moves the following files (source, destination):

  • %malwarefilepath%, %startup%\csmss.exe

This causes the trojan to be executed on every system start.
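
A triage check for the persistence described above, as an added example that is not ESET's code: it flags the file name csmss.exe in a Startup folder and, as a generalization beyond this page, any other executable (MZ header) placed there directly. The Startup paths assume Windows Vista or later, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

IOC_NAME = "csmss.exe"  # file name listed on this page

def default_startup_dirs():
    """Per-user and all-users Startup folders (assumes Windows Vista or later)."""
    rel = Path("Microsoft/Windows/Start Menu/Programs/Startup")
    bases = [os.environ.get("APPDATA"), os.environ.get("PROGRAMDATA")]
    return [Path(b) / rel for b in bases if b]

def is_pe(path):
    """True if the file begins with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False

def scan_startup(dirs):
    """Return (path, reason) for each suspicious file found in the given folders."""
    findings = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for entry in d.iterdir():
            if not entry.is_file():
                continue
            if entry.name.lower() == IOC_NAME:       # Windows names are case-insensitive
                findings.append((str(entry), "ioc-filename"))
            elif is_pe(entry):                       # Startup normally holds .lnk shortcuts
                findings.append((str(entry), "executable-in-startup"))
    return findings

def demo():
    """Run the scan over a constructed Startup folder (sample files, not real malware)."""
    samples = {"csmss.exe": b"MZ\x90\x00", "Updater.exe": b"MZ\x90\x00",
               "Notes.lnk": b"L\x00\x00\x00", "desktop.ini": b"[.ShellClassInfo]"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return [(Path(p).name, why) for p, why in scan_startup([tmp])]

if __name__ == "__main__":
    for path, why in scan_startup(default_startup_dirs()):
        print(f"{why}: {path}")
```

A file-name match alone is a lead, not a verdict; confirm with a scanner before removing anything.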

Information stealing

The trojan collects sensitive information when the user browses certain web sites.


The trojan collects passwords used to access the following sites:

  • http://www.jp-bank.japanpost.jp/
  • http://netbk.co.jp/

The following programs are affected:

  • Internet Explorer

The trojan attempts to send gathered information to a remote machine.


The trojan can modify network traffic.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 6 URLs. The HTTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • update itself to a newer version
  • modify network traffic
  • change the proxy server settings
  • send gathered information

For further information follow the links below:


  • Win32/Aibatook: Banking Trojan Spreading Through Japanese Adult Websites

Threat Variants with Description

Threat Variant Name    Date Added    Threat Type
Win32/Aibatook.A       2014-05-21    trojan
