Troj/Nethief-C

Discussion in 'malware problems & news' started by FanJ, Oct 25, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: Troj/Nethief-C
    Aliases: Backdoor.Nethief.XP.c, BackDoor-TW trojan,
    Backdoor.NetThief
    Type: Trojan
    Date: 25 October 2002


    At the time of writing Sophos has received just one report of
    this Trojan from the wild.

    Description
    Troj/Nethief-C is a backdoor Trojan that copies itself to IExplorer.exe in the
    Windows system folder and sets the registry entry

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Internet Explorer =
    Iexplorer.exe



    More information about Troj/Nethief-C can be found at
    http://www.sophos.com/virusinfo/analyses/trojnethiefc.html
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    TDS detects 27 variants of Net Thief, it is used in Asia :)
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    :) :)
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hmm Gavin you've been quite busy lately. Sophos writes about one with several names discovered today and you got 27 variants already!
    That it's using the iexplorer.exe name hmm people will not notice that too quickly as an illigal /infected variant of the legal exe.
     
Loading...
Thread Status:
Not open for further replies.