TSPY_LINEAGE.ACZ
Overview



Type: Spyware

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating: Low

Reported detections: Low

System impact: High

Information exposure: High

 

Description:

Infamous for stealing account information related to the online game Lineage, the TSPY_LINEAGE family evolves with the threat landscape, making it one of the most prevalent spyware families to date. Read an article about the latest trend in this spyware family: TSPY_LINEAGE Levels Up.

This spyware arrives on a system either downloaded from the Internet or dropped by JS_AGENT.AAQI.

When executed, it drops a .DLL component in the current user's Temporary folder. It then uses this .DLL component for its keylogging routine.

This spyware also creates a registry entry to ensure its automatic execution at every system startup.

On systems running Windows 95, 98, and ME, however, this spyware moves certain legitimate files from their respective locations to the root folder and replaces them with copies of itself.

This spyware monitors Internet Explorer activity on an affected system. It steals account-related information, such as user names and passwords, every time a user visits the Web site of the popular online game Lineage. It does this by logging user keystrokes and writing the stolen information to a file, which is then read and its contents posted to a certain Web site. The stolen information thus becomes available to remote users who know of the posting Web site.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul 12, 2007



