Home » News » Vulnerabilities » Trojan “Plays” With Install Files

Trojan “Plays” With Install Files

By Luciana on February 5, 2010 | Vulnerabilities, trojan, muster, mcafee, microsoft, malware

McAfee recently announced about the malware that attempts to hide its contagion in a quite exceptional way. At this point it is not a technical issue. The malicious software is able to hide its copy in a Windows help file to convince users their computers were infected.

“Muster” is a group of backdoor which has an ability to hide themselves under the help files. The help files or “.hlp” files are information files created to be run through with Microsoft WinHelp browser. At this point it is needed to provide online helps for applications users.

A recent variant Muster.e is dubbed to ant-virus provider McAfee. For that reason the Trojan infects a Windows file named as imepaden.hlp and collect the malicious content under the encrypted form. At the process the installed malware is removed but the unknown payload is renamed into an executable file named upgraderUI.exe. As a result, it is run by an affiliated installation file that runs automatically as Windows service.

Notice, that Muster.e stays installed on an infected computer. Furthemore, it does not disapear if most of the files are connected with malicious software are removed. It is suggested by McAfee to add help files if there any suspisious mind that PC may be infected.

More Vulnerabilities news

Shocking: 9 out of 10 websites still vulnerable to old attacks

Did you know that less than 10% of websites are safe from attacks that have struck the internet in 2009? Back then there was a breakout of Man-in-the-middle  (MITH) attacks that included an injection of a malicious code in to the browser but even after 3 years these problems are very sensitive. SSL Pulse reportIt seems that companies live in a bubble as far as IT safety is concerned. A project called SSL Pulse that is monitoring 200. Read more.


News categories

Latest news