Sophos

Troj/Brogger-C

Aliases
  • Trojan-Spy.Win32.Banker.ahu
  • PWS-Banker.gen.i
  • PWS-Banker.gen.p

Summary

Affected operating systems: Windows
Characteristics
  • Drops more malware
  • Installs itself in the registry
Included in our products from: February 2006 (4.02)
Protection available since: 22 November 2005 22:16:00 (GMT)
Last updated: 2 December 2005 14:04:23 (GMT)
Detected by: All Sophos products

More Information

Troj/Brogger-C is an information stealing Trojan for the Windows platform.

Troj/Brogger-C targets the customers of certain online banking websites. The Trojan monitors browser usage and logs any account details entered, and may display fake user interfaces and record any entered details.

When Troj/Brogger-C is installed the following files are created:

<System>\dllonet.dll
<System>\lycky.sdf
<System>\qwerwqr234
<System>\winskype.dll
<System>\winskype.exe

lycky.sdf and qwerwqr234 are harmless data files. Dllonet.dll is a standard Microsoft file. Winskype.dll and winskype.exe are detected by Sophos's anti-virus products as Troj/Brogger-C.

The following registry entry is created to run winskype.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winskype
<System>\winskype.exe
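
The file and registry artefacts above, turned into a read-only host check. This is an added example, not Sophos's own tooling; resolving <System> to the Windows system folder and also checking the 32-bit views on 64-bit Windows (SysWOW64, WOW6432Node) are assumptions the page does not state, and the variable names are illustrative.

```powershell
# Added example: read-only triage for the Troj/Brogger-C artefacts named on this page.
# Assumption: <System> is the Windows system folder. On 64-bit Windows a 32-bit
# program is redirected to SysWOW64 and WOW6432Node, so both views are checked.
$systemDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# File names and roles exactly as the write-up gives them.
$artefacts = [ordered]@{
    'winskype.exe' = 'detected as Troj/Brogger-C'
    'winskype.dll' = 'detected as Troj/Brogger-C'
    'lycky.sdf'    = 'harmless data file created at install'
    'qwerwqr234'   = 'harmless data file created at install'
    'dllonet.dll'  = 'standard Microsoft file; context only'
}

$findings = @()
foreach ($dir in $systemDirs) {
    foreach ($name in $artefacts.Keys) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # Hash is recorded for later comparison; it may be empty if the file is locked.
            $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
            $findings += [pscustomobject]@{
                Kind = 'File'; Item = $path; Note = $artefacts[$name]; SHA256 = $hash.Hash
            }
        }
    }
}
foreach ($key in $runKeys) {
    # The Run value is named "winskype"; its data is the path launched at startup.
    $value = Get-ItemProperty -LiteralPath $key -Name 'winskype' -ErrorAction SilentlyContinue
    if ($value) {
        $findings += [pscustomobject]@{
            Kind = 'Run value'; Item = "$key\winskype"; Note = "runs: $($value.winskype)"; SHA256 = $null
        }
    }
}

# Only the winskype files and the Run value are strong indicators on their own.
$strong = $findings | Where-Object { $_.Item -match 'winskype' }
if ($strong) { Write-Warning "Troj/Brogger-C indicators present: $(@($strong).Count)" }
$findings | Format-Table -AutoSize -Wrap
```

The script changes nothing on the host; a hit on dllonet.dll alone is not evidence of infection, since the page identifies it as a standard Microsoft file.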

The Trojan logs keypresses made on the following URLs:

