Panda Security’s weekly report on viruses and intruders

November 2009 by Panda

This week’s PandaLabs report looks at the Elenkage.A Trojan and the AntiAID and ControlCenter fake antiviruses.

Elenkage.A is designed to download several strains of the Lineage family of Trojans, which are designed to steal passwords for games installed on users' systems.

When run on a computer, this Trojan connects to several FTP servers from which it downloads the malware. It does this transparently to users.

Even so, just in case, the Trojan displays a Web page during the process to distract users’ attention.

The page displayed is a Yahoo.com page in Chinese, which you can see here: http://www.flickr.com/photos/panda_security/4116958875/

The files it downloads are detected as Trj/Lineage.LDY. These files go resident on the computer, waiting to steal information from online games such as Arcturus, Zodiac online, Maple Story, etc. and then send these details to the malware creator via SMTP.

AntiAID is a fake antivirus which, when installed on a computer, displays a screen comprising several tabs for configuring the protection level, updates, small tools, etc. This malware first simulates a scan of the computer, falsely claiming to detect various examples of malware.

When the scan is finished, a screen appears displaying the results and a warning about the risks of the threats it has supposedly detected. To delete these 'threats', users are asked to enter a registration code, and a browser window opens with the page through which users can pay for this code. Once again, the aim of cyber-crooks is none other than to profit financially from this fraudulent application.

Every time users try to remove the malware supposedly detected on their systems, or update components of the application, they will be asked for a payment.

Another fake antivirus, ControlCenter, operates in a similar fashion. It fakes a scan of the system and claims to have detected (non-existent) malware. It then asks for payment in order to remove the 'malware'.

