Encyclopedia entry
Updated: Apr 17, 2011 | Published: Dec 16, 2009
Aliases
Win32/PSW.OnLineGames.OPY (ESET)
Alert Level
Severe
Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated: Definition: 1.149.1620.0 Released: May 09, 2013
Detection initially created: Definition: 1.69.280.0 Released: Oct 29, 2009
Summary
PWS:Win32/Lolyda.AU is a member of the Win32/Lolyda family of trojans. This family steals account information from popular online games and sends it to a remote server.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
Technical Information (Analysis)
PWS:Win32/Lolyda.AU is a member of the Win32/Lolyda family of trojans. This family steals account information from popular online games and sends it to a remote server.
Installation
PWS:Win32/Lolyda.AU is dropped by other Lolyda components, which may also be detected as PWS:Win32/Lolyda.AU.
Payload
Steals online game information
PWS:Win32/Lolyda.AU attempts to steal the following information from currently-running online game processes:
- User name
- Password
- Server address
- Character information
This information is then collected and sent to a remote server.
In the wild, PWS:Win32/Lolyda.AU has been observed to steal information from the games 'AskTao' and 'Perfect World'.
Takes screenshots
PWS:Win32/Lolyda.AU may also take a snapshot of the user's screen, which is also sent to a remote server.
Analysis by Chun Feng