Social Icons

Saturday, January 29, 2011

Trojan.Spy.YEK : The Corporate Spying Tool

1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 


Post a Comment