
Berbew Computer Virus

The Berbew family of Trojans retrieves passwords stored on an infected system and sends them to a remote Web server. It also acts as a Web proxy, which allows attackers to use the infected system as a relay for remote access to other systems. Users can become infected with Trojans like Berbew in a number of ways: opening unknown e-mail attachments, running downloaded programs, or using peer-to-peer file sharing programs.

Aliases (also known as): different antivirus vendors may use different names to refer to this malicious software. Here are some of the names currently in use by antivirus software vendors:

  • McAfee: Backdoor-AXJ
  • Sophos: Troj / Webber
  • Sophos: Troj / Padodor
  • Symantec: Backdoor.Berbew

How it works:

When this Trojan is run, it creates two files in the %SYSTEM% folder: an .exe file and a .dll file. These files have random file names. The .dll file is installed as a shell extension and loaded by Explorer.exe when the system starts. The .dll then loads and runs the .exe file. The Trojan also creates several files that contain user-specific information.

The Trojan acts as a Web proxy, allowing attackers to use the infected system as a relay to access other Web servers. Later versions of this Trojan also log users' login details for online banking and other financial services. These details are sent to a remote Web server for retrieval by the attackers. Later versions of this Trojan can also download and install updates from a list of Web sites built into the Trojan.
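The install pattern described above (an unknown .dll in %SYSTEM% registered as a shell extension, dropped together with an unknown .exe) can be checked for during triage. The following is an added example, not code from this page or from any vendor: the inventory records, file names, CLSIDs, known-good baseline and the 60-second creation window are all constructed assumptions.

```python
# Added example: offline triage over a constructed inventory (all names hypothetical).
from datetime import datetime, timedelta
from ntpath import basename, dirname

SYSTEM_DIR = r"c:\windows\system32"  # assumed expansion of %SYSTEM%
WINDOW = timedelta(seconds=60)       # assumption: both files are written together

# Constructed sample: shell-extension registrations, CLSID -> registered DLL path.
SHELL_EXTENSIONS = {
    "{11111111-1111-1111-1111-111111111111}": r"C:\Windows\System32\shell32.dll",
    "{22222222-2222-2222-2222-222222222222}": r"C:\Windows\System32\qkdjfhwe.dll",
    "{33333333-3333-3333-3333-333333333333}": r"C:\Program Files\Tool\ext.dll",
}
# Constructed sample: file path -> creation time.
FILES = {
    r"C:\Windows\System32\shell32.dll": datetime(2004, 1, 1, 12, 0, 0),
    r"C:\Windows\System32\notepad.exe": datetime(2004, 1, 1, 12, 0, 0),
    r"C:\Windows\System32\qkdjfhwe.dll": datetime(2004, 6, 25, 10, 0, 5),
    r"C:\Windows\System32\zmxnvbaq.exe": datetime(2004, 6, 25, 10, 0, 3),
    r"C:\Windows\System32\newtool.exe": datetime(2004, 7, 2, 9, 0, 0),
    r"C:\Program Files\Tool\ext.dll": datetime(2004, 6, 25, 10, 0, 4),
}
BASELINE = {"shell32.dll", "notepad.exe"}  # known-good names from a clean image


def find_suspect_pairs(extensions, files, baseline, window=WINDOW):
    """Return (clsid, dll, exe) for each unknown DLL in SYSTEM_DIR that is
    registered as a shell extension and has an unknown EXE created in the
    same folder within `window` of it."""
    files = {p.lower(): t for p, t in files.items()}  # Windows paths ignore case
    hits = []
    for clsid, dll in sorted(extensions.items()):
        dll = dll.lower()
        if dirname(dll) != SYSTEM_DIR or basename(dll) in baseline:
            continue  # outside %SYSTEM% or a known-good file
        created = files.get(dll)
        if created is None:
            continue  # registered but not in the listing; nothing to pair
        for path, when in sorted(files.items()):
            if (path.endswith(".exe") and dirname(path) == SYSTEM_DIR
                    and basename(path) not in baseline
                    and abs(when - created) <= window):
                hits.append((clsid, dll, path))
    return hits


if __name__ == "__main__":
    for clsid, dll, exe in find_suspect_pairs(SHELL_EXTENSIONS, FILES, BASELINE):
        print(f"review: {clsid} -> {dll} (paired with {exe})")
```

A hit is a lead for manual review, not a verdict: legitimate installers also write a .dll and an .exe to the system folder at the same moment.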
