Threat behavior
Trojan:Win32/Keyjack.A is a trojan that redirects a Web browser to another site than was expected. In the wild, this trojan has been observed to redirect attempts to reach MSN.com, YAHOO.com and other sites.
Installation
This trojan is installed by a dropper or other third party software. It may be present as a randomly named file for example:
<system folder>\Lby929a6.dll
<system folder>\Yet7769b.dll
<system folder>\Jwwd9a88.dll
The registry may be modified to execute the trojan as a Web browser helper object when a Web browser is launched.
Payload
Redirects Browser
Win32/Keyjack.A injects its code into Internet Explorer (IEXPLORE.exe) to redirect the Web browser to another site than was expected. In the wild, this trojan has been observed to redirect attempts to reach MSN.com, GOOGLE.com, YAHOO.com and AOL.com to other sites.
Analysis by Subratam Biswas
Prevention
