“Doctor Web” found a Trojan that spreads on “Vkontakte”

MOSCOW, 5 May, RIA Novosti. The company “Doctor Web”, the Russian producer of Dr. Web anti-virus protection, has discovered a malicious program that spreads on the social network “Vkontakte” under the guise of free keys for the antivirus.

“Some time ago, the official group of the company “Doctor Web” on the social network “Vkontakte” began to receive messages from anonymous users offering to download free license keys for Dr. Web. Usually, such messages contain a shortened link to the file hosting service RGhost. If the potential victim follows it, they will be prompted to download a 26 KB RAR archive”, the company's statement said.

The Trojan is a powerful backdoor that, after startup, connects to the command and control server and sends information about the infected computer: the serial number of the hard disk, the version and bitness of the installed OS, the computer name, the manufacturer’s name, the presence and version of an antivirus, and whether a webcam is connected to the PC.

The Trojan can execute a number of commands from the attackers, including shutting down or restarting the computer, displaying a system message with specified text, playing a given phrase through the speakers, opening a specified web page in the browser, and capturing a screenshot and transmitting it to the control server.

One of the most dangerous backdoor functions is a built-in keylogger that records keystrokes. On command, the recorded data is uploaded to the attackers, the company said. In addition, the Trojan is able to suddenly play SWF videos with frightening content on the screen of the infected machine.

Virus analysts at “Doctor Web” noted that malware whose main purpose is to scare or confuse users has become rare in recent years. Most modern Trojans are focused on bringing criminals commercial benefit.