1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Virus Descriptions
  6. Trojan-Spy:W32/Ambler.C

Trojan-Spy:W32/Ambler.C

Name : Trojan-Spy:W32/Ambler.C
Detection Names : Trojan-Downloader.Win32.BHO.acb
Aliases : TrojanSpy:Win32/Ambler.F (Microsoft)
Size:43008
Category:Malware
Type:Trojan-Spy
Platform:W32

Summary

This type of trojan secretly installs spy programs and/or keylogger programs.

Additional Details

This malware secretly captures a user's credentials for Internet banking webpages; the stolen information is then forwarded to a remote server.


Installation
The trojan uses the following file names to register itself as Internet Explorer's plugin:

  • svchstb.dll
  • smbmngr.dll

Execution
The captured credentials are first encrypted and stored in:

  • %windir%\system32\alog.txt.

Periodically, the information in the file is forwarded (using the HTTP POST command) to the following remote servers:

  • http://vcounter.cn/stat2/[...].php
  • http://vcounter.cn/stat2/[...].php
  • http://vcounter.cn/stat2/[...].php
  • http://vcounter.cn/stat2/[...].php