Win32/Urlbot [Threat Name]

Detection created2003-10-15
World activity peak 2009-09-18 (0.03 %)
Short description

Win32/Urlbot is a trojan that steals sensitive information. The trojan can send the information to a remote machine. It can be controlled remotely.

Installation

The trojan is often included in the installation packages of programs downloaded from untrustworthy sources.

Information stealing

Win32/Urlbot is a trojan that steals sensitive information.


The trojan collects the following information:

  • a list of recently visited URLs
  • list of recently opened/executed files
  • list of running processes
  • e-mail messages
  • sent IM messages
  • posts on social networks
  • keywords entered into search engines
  • screenshots
  • list of transfered files

It can execute the following operations:

  • monitor network traffic
  • log keystrokes
  • block access to specific websites
  • allow remote desktop connections from outside
  • send gathered information
Other information

The malware configuration is passed as command line parameters or read from the file when the malware executable is launched.

Threat Variants with Description

Threat Variant Name Date Added Threat Type
Win32/Urlbot.NAT 2012-02-16 trojan

Please enable Javascript to ensure correct displaying of this content and refresh this page.