Mal kurz wieder da
Hab mir das Proggl mal genauer angeschaut und hab mich mal ein wenig schlau gemacht...
Das Prog heist ursprünglich Bogus "key grabber"
und ist seit etw März in der Szene bekannt... Es gibt mehrere Varianten von dem Ding.
Ursprünglich war es als Überwachungstool für Arbeitsplätze gedacht. Ist aber, so wie es auschaut, gecrackt worden.
Es ist eine mischung von Trojaner und Keylogger.
Könnt also sein, das wir gelegentlich nochmal was von dem ding hören....
Warnung aus einem anderen Forum
A user and/or others are trying to share a "key grabber" via posted urls in this and possibly other forums on the internet.
This program is a password stealing program in disguise. It has a known file name as "server1.exe", but it can be named any 'exe' file.
The user must download and run the application. The found variant was 517kb in size and had the icon frequently used by installer apps. This file can be created with various "options", so its size, name and any icon be variable.
The program when run will scour the pc for login information from saved lists in Internet Explorer, Firefox and other browsers. Also it will steal passwords from window's password databases, steal the windows registered user info & cd key. It can also find passwords for other software like Outlook, MSN, AOL, Yahoo, games and more. It is very thorough.
It does create a log file (pwfile.log) in the "C:\Documents and Settings\"windows user"\Local Settings\Temp folder of the info it finds.
It then will send the info to a specific ftp server or email address. It then deletes the log file and the program. This happens very quickly.
If you have an installed firewall with outbound protection/notification, you likely will not be victimized by this threat. Though it is a threat that if you have any remembered passwords or username/passwords in your browser, changing those would be very prudent.
Regarding this site; a post was found in the Key Chat section that contained the url for this app and was shortly removed by staff. But because it was a posted text url, it was visible to some members.
Any member who might have seen and downloaded the "server1.exe" file from the url, is at risk!
Change your passwords for this & any sites you use.
If you do online banking and have the browser save any of your login info,
change it immediately.
This goes for webmail sites you use, like google, yahoo, hotmail, earthlink, or any other, and also, if you use Outlook, Outlook express, AOL, MSN or similar,
change your passwords!
"Bin mal Kurz AFK" - Dieses AFK dauerte 2 Jahre, 6 Monate und 23 Tage
Geändert von schnitter (28.06.2008 um 16:44:09 Uhr)