WinSpy Trojan: Master of Spying
With the WinSpy.J trojan, attackers can learn almost anything about the operations performed on infected computers.
A WinSpy.J the primary purpose of trojans is espionage. As soon as it is downloaded to a computer, it downloads additional malicious files from the Internet and then regularly checks for newer versions of its own files, which means that it automatically updates itself.
Exploiting the capabilities of its trojan, attackers can save screenshots from browsers and launch Internet Explorer or Mozilla Firefox. If a working webcam is connected to the infected PC, they can even record videos. The malware uses the collected data, images, videos, etc. forward it to attackers via email.
When the WinSpy.J Trojan starts, it performs the following actions:
- It downloads a file called newver.txt over the Internet, and then obtains another malicious file. It saves the downloaded file to the Windows directory as msn64.exe.
- It regularly checks the Internet for newer versions of its own files.
- Create the following entry in the registration database:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunPANO = “%Windows%msn64.exe”
This allows you to load automatically each time Windows restarts.
