Win32/Urlbot [Threat Name] go to Threat

Win32/Urlbot.NAT [Threat Variant Name]

Category trojan
Detection created Feb 16, 2012
Detection database version 10353
Short description

Win32/Urlbot.NAT is a trojan that steals sensitive information. The trojan can send the information to a remote machine. It can be controlled remotely.

Installation

The trojan is often included in the installation packages of programs downloaded from untrustworthy sources.

Information stealing

Win32/Urlbot.NAT is a trojan that steals sensitive information.


The trojan collects the following information:

  • a list of recently visited URLs
  • list of recently opened/executed files
  • list of running processes
  • e-mail messages
  • sent IM messages
  • posts on social networks
  • keywords entered into search engines
  • screenshots
  • list of transfered files

It can execute the following operations:

  • monitor network traffic
  • log keystrokes
  • block access to specific websites
  • allow remote desktop connections from outside
  • send gathered information
Other information

The malware configuration is passed as command line parameters or read from the file when the malware executable is launched.

Please enable Javascript to ensure correct displaying of this content and refresh this page.