Spying Trojan that looks for documents and archives that may hold private information and sends it back to the attacker.
The Stuxnet troubles are far from being forgotten, and any sign of outside intrusion continues to be extremely sensitive news. Business is hard enough as it is these days, but when an e-threat comes along and sniffs for critical data, things could hardly get worse. Spying malware inside a company's local network means DANGER, and unfortunately the number of such threats is constantly increasing.
Trojan.Spy.YEK, which has both spying and backdoor features, is a serious enemy. Carrying an encrypted DLL in its overlay, the Trojan is easily saved as windows\system32\netconf32.dll, and once that DLL is injected into explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of meeting spots with the attacker.
The backdoor component lets it register itself as a service so that it can receive and follow instructions from a command and control center, while the spyware component sends out data about files and the operating system and also takes screenshots of the running processes.
Some of the commands it is expected to execute are: sending the collected files using a GET request, sending information about the operating system and computer, taking screenshots and sending the results, listing the processes running on the system and sending the list away, and finding files with a certain extension. Put briefly, it uploads all the interesting data to an FTP server without the user's consent.
The fact that everything it looks for is linked to archives, e-mails (.eml, .dbx), address books (.wab), databases and documents (.doc, .odt, .pdf etc.) makes Trojan.Spy.YEK a prime suspect for corporate espionage, as it seems to target companies' private data.
On top of that, the Trojan runs without problems on all versions of Windows from Win 95 to Seven. If you have not done so already, this is a good time to try an antivirus.
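As an added host-triage example (not BitDefender's tooling and not part of the original article), the following PowerShell checks a Windows machine for the indicators the article names: the dropped netconf32.dll, that DLL loaded inside explorer.exe, a service referencing it, and an established FTP connection from that explorer.exe. The service registry layout (Parameters\ServiceDll) and the use of Get-NetTCPConnection (Windows 8 / Server 2012 and later) are assumptions; run it from an elevated prompt.

```powershell
# Added triage script for the Trojan.Spy.YEK indicators described in the article.
# The DLL name and path come from the article; everything else is an assumption.
$dllName = 'netconf32.dll'
$dllPath = Join-Path $env:SystemRoot "System32\$dllName"
$dllRegex = [regex]::Escape($dllName)
$findings = @()

# 1. Dropped DLL on disk. netconf32.dll is not a standard Windows component,
#    so its presence alone is worth escalating; record size and hash for the IR ticket.
if (Test-Path -LiteralPath $dllPath) {
    $item = Get-Item -LiteralPath $dllPath
    $hash = (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash
    $findings += "DLL present: $dllPath (size $($item.Length) bytes, sha256 $hash)"
}

# 2. DLL injected into explorer.exe: enumerate the loaded modules of every
#    explorer.exe instance and match on the module file name.
foreach ($proc in Get-Process -Name explorer -ErrorAction SilentlyContinue) {
    $loaded = $proc.Modules | Where-Object { $_.ModuleName -ieq $dllName }
    if ($loaded) {
        $findings += "explorer.exe PID $($proc.Id) has $dllName loaded from $($loaded.FileName)"
        # 2b. Established FTP (tcp/21) sessions owned by that explorer.exe: the article
        #     names FTP as the upload channel. Requires the NetTCPIP module (Win8+).
        Get-NetTCPConnection -OwningProcess $proc.Id -State Established -ErrorAction SilentlyContinue |
            Where-Object { $_.RemotePort -eq 21 } |
            ForEach-Object { $findings += "explorer.exe PID $($proc.Id) -> $($_.RemoteAddress):21 (FTP)" }
    }
}

# 3. Service persistence: any service whose binary path or ServiceDll value
#    (assumed location: HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters) names the DLL.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
    $svcDll = (Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (($_.PathName -imatch $dllRegex) -or ($svcDll -imatch $dllRegex)) {
        $findings += "Service '$($_.Name)' (state $($_.State)) references $dllName: $($_.PathName) $svcDll"
    }
}

if ($findings.Count -eq 0) { 'No Trojan.Spy.YEK indicators found.' } else { $findings }
```

Any hit should be treated as a confirmed-compromise lead: isolate the host, preserve the DLL and the service entry, and review proxy and FTP logs for the explorer.exe connections.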
Information in this article is available courtesy of BitDefender Malware Researchers Doina Cosovan and Octavian Minea.
For more information contact Alina Anton, BitDefender, +40 212 063 470, [email protected], www.bitdefender.com
© Technews Publishing (Pty) Ltd. | All Rights Reserved.