New Trojan Disguised as Windows IME

All Security related news can be posted here, and unrelated news can be posted here as well.

Moderators: Admin Team, Moderators

User avatar
Posts: 1856
Joined: Mon Jul 20, 2009 4:35 am
Area Of Expertise: General guidance and advice
experience: Not only can I turn PC on, I know most of its functions too
PC time: Alot more than I should
Location: Kent, UK

New Trojan Disguised as Windows IME

Postby Spudz » Tue Jul 06, 2010 3:42 pm

New Trojan Disguised as Windows IME
by Dennis Fisher

There's a new attack technique in use right now that enables attackers to inject Trojan code onto victims' machines by disguising it as a Windows input method editor (IME).

The technique is a twist on the classic attack vector of making malicious code look like something benign. In this case, the attack code is being disguised as an IME, which is a component of Windows that's designed to allow users with one type of keyboard to input characters from other alphabets. The payload in the new attack is a Trojan.

This specific Trojan, when run on a victim's machine, creates a new file in the System folder, named winnea.ime, according to an analysis by Websense researchers. Once it's running on the PC, the Trojan then disables any antimalware software that's present and attempts to delete the executable files associated with the antimalware product, as well.

Continues at Threatpost
Spam - Uninteresting garbage quickly deleted.
Spammer - A parasitic worm intent on creating internet misery.


Return to “General News\Security News”

Who is online

Users browsing this forum: No registered users and 2 guests