Win32/Aibatook [Threat Name]
Detection created | 2014-05-21
Short description
Win32/Aibatook is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.
Installation
The trojan is usually found in the following folder:
- %startup%
The following filename is used:
- csmss.exe
The trojan moves the following files (source, destination):
- %malwarefilepath%, %startup%\csmss.exe
This causes the trojan to be executed on every system start.
Information stealing
The trojan collects sensitive information when the user browses certain web sites.
The trojan collects passwords used to access the following sites:
- http://www.jp-bank.japanpost.jp/
- http://netbk.co.jp/
The following programs are affected:
- Internet Explorer
The trojan attempts to send gathered information to a remote machine.
The trojan can modify network traffic.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of 6 URLs. The HTTP protocol is used.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
- update itself to a newer version
- modify network traffic
- change the proxy server settings
- send gathered information
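A triage check for the two host artifacts this description names, the csmss.exe copy in a Startup folder and changed proxy settings, written as an added example and not taken from the vendor's write-up. The function names are hypothetical, and because the page does not say which proxy settings are changed, the script assumes the standard per-user WinINet values that Internet Explorer reads.

```powershell
# Added triage example. The only page-sourced indicator is the file name
# csmss.exe placed in a Startup folder; everything else is an assumption.
$IndicatorName = 'csmss.exe'

function Get-StartupFolders {
    # All-users Startup folder plus the Startup folder of every local profile.
    $folders = @([Environment]::GetFolderPath('CommonStartup'))
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    Get-ChildItem $profileList -ErrorAction SilentlyContinue | ForEach-Object {
        $profilePath = (Get-ItemProperty $_.PSPath).ProfileImagePath
        if ($profilePath) {
            $folders += Join-Path $profilePath 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
        }
    }
    $folders | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique
}

function Find-StartupIndicator {
    param(
        [string[]]$Folders = (Get-StartupFolders),
        [string]$Name = $IndicatorName
    )
    foreach ($folder in $Folders) {
        # -Force includes hidden files; -File skips directories.
        Get-ChildItem -LiteralPath $folder -Filter $Name -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTimeUtc
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                }
            }
    }
}

function Get-UserProxySettings {
    # Assumption: standard WinINet proxy values for the current user only.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

Find-StartupIndicator | Format-List
Get-UserProxySettings | Format-List
```

Run it from an elevated prompt so other users' profile folders are readable; the proxy check covers only the account running the script.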
For further information follow the links below:
* Win32/Aibatook: Banking Trojan Spreading Through Japanese Adult Websites
Threat Variants with Description
Threat Variant Name | Date Added | Threat Type
Win32/Aibatook.A | 2014-05-21 | trojan