|Detected||May 04 2011 16:03 GMT|
|Released||May 04 2011 20:31 GMT|
|Published||Sep 19 2011 13:20 GMT|
The malicious library is a component of a trojan program designed to steal the user's authentication data. It is a Windows dynamic-link library (PE-DLL file). 8192 bytes. Written in C++.
After launching, the malicious library checks the name of the process in the address space loaded. By loading the "duospeak.exe" process in the address space, the malicious library allows for the data entered by the user in the class "YYMainWnd" window to be tracked. The data collected is sent to the attacker's server in HTTP-requests:
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.