Trojan:Win32/Glod.A is a Trojan that monitors the keys an affected computer user presses and transmits this information to a remote cybercriminal. Trojan:Win32/Glod.A can give an attacker unauthorized remote access to the victim’s user names and passwords. Trojan:Win32/Glod.A may be installed on the affected PC by masquerading as a genuine software product, or by other security threats. Trojan:Win32/Glod.A may steal the victim’s personal information, including his/her usernames and passwords. Once installed on the compromised PC, Trojan:Win32/Glod.A makes system alterations by downloading malicious files and modifying the Windows Registry. Trojan:Win32/Glod.A may use social engineering to induce the targeted PC user to install it on the vulnerable computer system. Trojan:Win32/Glod.A can masquerade as a screen saver file ‘image.scr’, or it may also be downloaded by other…
Trojans
Trojan:Win32/Mojap.A
Trojan:Win32/Mojap.A is a Trojan that sends information about a targeted PC to a specific remote server. Trojan:Win32/Mojap.A may be installed and executed by other malware infections. Once installed on the infected computer system, Trojan:Win32/Mojap.A makes system alterations by downloading malicious files. When executed, Trojan:Win32/Mojap.A creates copies of the legitimate system files ‘cmd.exe’ and ‘advapi32.dll’ with the goal of allowing payloads for other malware threats that could be distributed or installed together with Trojan:Win32/Mojap.A. Trojan:Win32/Mojap.A gathers specific information about the compromised PC and transmits it to a remote server. The server may transmit information back to Trojan:Win32/Mojap.A on the affected PC, where it saves the information into the temporary Internet files folder….
TSPY_QHOST.QFB
TSPY_QHOST.QFB is a Trojan that is used by cybercrooks to reroute customers of South Korean banks to phishing websites, fooling them into revealing their personal and financial data. TSPY_QHOST.QFB modifies the affected PC’s HOSTS file to divert victimized computer users to an IP address located in Japan. Once on the phishing website, affected computer users are asked several questions about PC security, after which they’re instructed to get a security certificate. Affected PC users are asked to give their name, Korean resident registration number, phone number, account number, password, user ID, associated password, and the certificate password. These phishing websites abuse the trust that web users have in their banks to get financial and personal data from victimized web users. These websites are designed to make computer users think that they are entering their information in…
TrojanDownloader:Win32/Beebone.IJ
TrojanDownloader:Win32/Beebone.IJ is a Trojan that stealthily drops and installs other damaging applications on an affected PC without the computer user’s permission. TrojanDownloader:Win32/Beebone.IJ can install other malware infections or malware components on the compromised PC. While being installed, TrojanDownloader:Win32/Beebone.IJ makes system modifications by adding harmful files. TrojanDownloader:Win32/Beebone.IJ contacts a remote host to receive configuration or other data, to receive instructions from a remote cybercriminal, to report a new infection to its author, to add and run arbitrary files (including updates or other security threats) and to upload data taken from the affected computer system….
Trojan.Coinliteminer
Trojan.Coinliteminer is a Trojan that uses the resources of the compromised PC to mine litecoins. Trojan.Coinliteminer may enter the victimized computer system through spam email messages. While being run, Trojan.Coinliteminer creates infected files. Trojan.Coinliteminer then creates a registry entry so that it can load automatically whenever the PC user starts Windows. Trojan.Coinliteminer allows attackers to obtain full remote access and control of the affected computer….
Trojan.Botime
Trojan.Botime is a Trojan that distributes other malware infections onto the affected PC. While being run, Trojan.Botime copies itself as an infected file to a specific location. Trojan.Botime then alters the file by patching the export function named ‘ImeInquire’. Trojan.Botime creates registry entries so that it can load automatically every time the keyboard is used. Trojan.Botime also creates other registry entries. Trojan.Botime then modifies registry entries to alter Internet Explorer settings. Trojan.Botime also makes modifications to other registry entries. Trojan.Botime embeds itself into the process named ‘svchost.exe’ and runs. Trojan.Botime then decrypts the payload, which is stored in a registry entry, and runs it….
Keyboy
Keyboy is a backdoor Trojan that has been used to target computer users in Asian countries. Keyboy attacks have been uncovered in China, India, Vietnam, Taiwan and a number of other countries in the region. Keyboy is distributed using Microsoft Word documents with an exploit that allows criminals to execute malicious code on the victim’s computer. Keyboy is designed to steal sensitive information from the victim, including online passwords and banking information. The fact that Keyboy attacks are distributed using malicious Word documents means that these can be attached to emails specifically crafted to convince a victim to open the malicious attachment. Since many computer users are unaware that DOC files can be malicious, thinking that only EXE and other executables can be used to execute malicious code, they are more likely to open these malicious attachments than with other…
JS_BLACOLE.MT
JS_BLACOLE.MT is a Trojan that propagates via hijacked Japanese websites. One of the hijacked websites contains an obfuscated JavaScript, identified as JS_BLACOLE.SMTT, which is designed to load a hidden iframe that loads behind the affected computer user’s web browser. The hidden iframe loads a .PHP file, identified as JS_BLACOLE.MT, that checks which programs are installed on the compromised PC. After checking, it then loads the appropriate exploits. These result in the download of damaging PDF files, which exploit an old vulnerability (CVE-2010-0188) in Adobe Reader and Acrobat. Other programs targeted by the exploits include Java and Flash. This behavior indicates that the cybercriminal used the Blackhole Exploit Kit in these attacks….
JS_BLACOLE.SMTT
JS_BLACOLE.SMTT is a Trojan that circulates via hacked Japanese websites. One of the hacked websites contains an obfuscated JavaScript, detected as JS_BLACOLE.SMTT, which is designed to load a hidden iframe that loads behind the targeted computer user’s Internet browser. The hidden iframe loads a .PHP file, detected as JS_BLACOLE.MT, that checks which programs are installed on the affected PC user’s computer. After checking, it then loads the appropriate exploits. These cause the download of harmful PDF files, which exploit an old vulnerability (CVE-2010-0188) in Adobe Reader and Acrobat. Other applications targeted by the exploits include Java and Flash. This behavior indicates that the cybercrook used the Blackhole Exploit Kit in these attacks….
Trojan horse Generic_r.CIW
Trojan horse Generic_r.CIW is a Trojan that is distributed via bogus MMS spam emails spreading the Zeus bot, now in the Czech Republic. The unsolicited email masquerades as an MMS sent through any one of the local mobile operators such as T-Mobile. The attached archive contains an infected executable file with a double extension imitating a JPG image, for example, ‘MMS img 76897644.jpeg.exe’. The infected file, which is detected as Trojan horse Generic_r.CIW, is a Zeus bot downloader, which contacts its C&C server and downloads other damaging files. Once Trojan horse Generic_r.CIW is run, the first encryption layer is decrypted and several checks to detect a controlled environment are performed. If all these tests are successfully passed and no virtual environment or debugger is found, Trojan horse Generic_r.CIW then modifies its flow by registering a FileIOCompletionRoutine callback function….
