TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TSPY_MARAN.WH
Overview
Solution
Technical Details

QUICK LINKS  

Download the latest scan engine

TypeSpyware

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

 Low

Reported detections:

 Low

System  impact:

 High

Information exposure:

 High
 

Description:

This spyware arrives as a self-extracting WinRAR executable file.

It drops certain .DLL component files to the Layered Service Provider (LSP) chain to ensure its automatic execution every time the affected user opens an Internet Explorer browser.

Upon execution, this spyware intercepts and logs network traffic before redirecting the target user to the originally desired Web site, thus allowing the spyware to monitor the affected user's Internet browsing activities and steal critical user information such as user names and passwords.

This spyware saves its gathered information in a certain file and either sends the said file to a remote malicious user using its own Simple Mail Transfer Protocol (SMTP) engine or uploads it to a server URL.

For additional information about this threat, see:
Solution
Technical Details



Tell us how we did. Take our quick survey.