SCF Advanced Search

  • Total Posts: 40153
  • Total Topics: 14262
  • Online Today: 835
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: BitDefender Warns: New Spying Trojan - Trojan.Spy.YEK  (Read 2259 times)

0 Members and 2 Guests are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
BitDefender Warns: New Spying Trojan - Trojan.Spy.YEK
« on: 16. November 2010., 13:53:06 »

Internet security specialist BitDefender has warned about the dangers of a new spying Trojan it describes as "a serious enemy" that can be used as a corporate spying tool.

In a statement, BitDefender says that Trojan.Spy.YEK sniffs for critical data and archives that may hold private information and sends them back to the attacker.

BitDefender Malware Researchers Doina Cosovan and Octavian Minea say that because Trojan.Spy.YEK has both spying and backdoor features, it is a serious enemy.

"A spying malware in the local network of a company means danger and unfortunately the number of such threats is constantly increasing," the researchers said.

"With an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of meeting spots with the attacker," the researchers said.

Backdoor Spyware

"The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots of the ongoing processes."

Some of the commands Trojan.Spy.YEK is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension.

"Shortly put," the researchers said, "it uploads all the interesting data on a FTP server without the user's consent.

"The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEK a prime suspect of corporate espionage as it seems to target the private data of the companies".

Cosovan and Minea say that the Trojan can run, without problems, on all versions of Windows from Win 95 to 7.

"If you haven't done that already, this should be a good time to try an antivirus," they said:,10.0.html

Stuxnet Follow-On

This latest warning comes in the wake of a new breed of e-threats called Stuxnet, a malicious worm that emerged in July 2010. Stuxnet is one of the first malware Trojans that targets Siemen's widely-deployed Supervisory Control and Data Acquisition, or SCADA, systems which are used to monitor automated plants - from water treatment and distribution to power generators.

At the Govware conference in Singapore in September, the Lion City's Senior Minister of State for Law & Home Affairs, Associate Professor Ho Peng Kee, warned of the "catastrophic implications" should control of such industrial systems fell into the wrong hands through the use of Stuxnet".

In October, BitDefender released a free removal tool that allows users infected with Win32.Worm.Stuxnet:,4623.0.html


Samker's Computer Forum -

BitDefender Warns: New Spying Trojan - Trojan.Spy.YEK
« on: 16. November 2010., 13:53:06 »


  • SCF Advanced Member
  • ***
  • Posts: 213
  • KARMA: -5
Re: BitDefender Warns: New Spying Trojan - Trojan.Spy.YEK
« Reply #1 on: 15. January 2011., 06:46:15 »
Go for the new and latest version of bitdefender 2011 free download, it provides a lots of utilities to get rid of any type f virus !!

Samker's Computer Forum -

Re: BitDefender Warns: New Spying Trojan - Trojan.Spy.YEK
« Reply #1 on: 15. January 2011., 06:46:15 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising