Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 20 April 2007 21:16:43 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Zlob-ABQ is a password-stealing Trojan.
Troj/Zlob-ABQ captures confidential information in the form of keystrokes, Windows text and clipboard text and then sends this data to a remote location via email.
In particular Troj/Zlob-ABQ attempts to capture login details for online banking websites from HTML pages that contain certain text strings, such as:
"e-gold", "PayPal", "bank", "passport", "money", "mail", "log", "sign", "secret", "forex", "hsbc", "woolwich", "lloyds", "barclay", "egg" or "password".
Troj/Zlob-ABQ can arrive as a result of web browsing. Certain web pages may exploit vulnerabilities associated with Microsoft Internet Explorer to silently download and install/run the Trojan without user interaction.
Troj/Zlob-ABQ includes functionality to:
- delete URL cache entries
- delete itself after a period of time
- steal confidential information
- download, install and run new software, including updates of its software
When Troj/Zlob-ABQ is installed it creates the file <System>\kdlfk.exe.
The file kdlfk.exe is detected as Troj/Zlob-ABL.
The following registry entry is changed to run kdlfk.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System
kdlfk.exe
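
A host check for the two artefacts described above, the dropped file and the changed Winlogon value. This is an added example, not Sophos code; the function name `Test-ZlobAbqIndicators` and its parameters are hypothetical, and it assumes `<System>` resolves to the Windows system directory.

```powershell
# Added example: looks for the file and registry change named on this page.
# Function and parameter names are hypothetical; the defaults come from the page.
function Test-ZlobAbqIndicators {
    [CmdletBinding()]
    param(
        [string]$FileName  = 'kdlfk.exe',
        # Assumption: <System> is the Windows system directory of this host.
        [string]$SystemDir = [Environment]::SystemDirectory
    )

    $key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $filePath = Join-Path -Path $SystemDir -ChildPath $FileName

    # The "System" value may be missing altogether, so read it without failing.
    $systemValue = $null
    $props = Get-ItemProperty -Path $key -Name 'System' -ErrorAction SilentlyContinue
    if ($props) { $systemValue = [string]$props.System }

    # Substring match (case-insensitive), so a full path or a
    # comma-separated list that contains the file name is also caught.
    $registryHit = $false
    if ($systemValue) {
        $registryHit = $systemValue -match [regex]::Escape($FileName)
    }

    # -Force is needed to return the item if it carries the hidden attribute.
    $fileHit = Test-Path -LiteralPath $filePath -PathType Leaf
    $item = if ($fileHit) { Get-Item -LiteralPath $filePath -Force } else { $null }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        RegistryKey     = $key
        SystemValueData = $systemValue
        RegistryHit     = [bool]$registryHit
        FilePath        = $filePath
        FileHit         = [bool]$fileHit
        FileCreatedUtc  = if ($item) { $item.CreationTimeUtc } else { $null }
        FileSizeBytes   = if ($item) { $item.Length } else { $null }
        # One artefact without the other still warrants a closer look.
        Suspicious      = [bool]($registryHit -or $fileHit)
    }
}

Test-ZlobAbqIndicators | Format-List
```

Run it from an elevated PowerShell session on the host being examined; a `RegistryHit` with no `FileHit` can mean the file was already removed while the startup entry remains.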
