printer friendly version

BitDefender offers free removal tool for malware that steals FTP and e-banking passwords

Free new disinfection tool against Backdoor.Lavandos available on MalwareCity.com for all computer users

Bitdefender has announced a free removal tool targeting the Backdoor.Lavandos.A, a resourceful malware that steals FTP and e-banking passwords in the most discreet manner.

Even though its primary target is the e-banking system used especially by Russian and Ukrainian institutions, Lavandos does not stop at just snatching e-banking passwords, it will also look for and grab all private data from the accounts the operator of the infected computer may use.

“What is particularly interesting about this e-threat is the fact that its driver component will not remain written on the disk longer than necessary,” said Catalin Cosoi, head of the BitDefender Online Threats Lab. “Instead it will be stored into the Windows Registry immediately after completing its task. Keeping a low profile is the name of the game Lavandos is playing.”

Shortly after infection, Backdoor.Lavandos.A will generate - for each browser found on the 'hijacked' PC - a 'setupapi.dll' in the installation root folder for Mozilla Firefox, Opera and Internet Explorer which will enable an easy manipulation of browser functions in order to import certificates or to accept a self-signed certificate as trusted.

Users infected with the Lavados backdoor risk disclosing sensitive information related to e-banking, as well as having their FTP accounts stolen by cyber-criminals involved in malware distribution schemes.

BitDefender customers have been protected since day zero via generic packer routines already included in the signature database. For those not protected by a BitDefender product, a free removal tool can be downloaded from the Downloads section of www.malwarecity.com.

To stay up-to-date on the latest e-threats, sign-up for BitDefender’s RSS feeds www.bitdefender.com/site/Using-Rss-Feeds.html.

Share this article:

Further reading: