Trojan-Banker.Win9x.Melder

Parent class: TrojWare

Trojans are malicious programs that perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, the threats that fall into this category are unable to make copies of themselves or self-replicate. Trojans are classified according to the type of action they perform on an infected computer.

Class: Trojan-Banker

Trojan-Banker programs are designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. The data is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.

Read more

Platform: Win9x

No platform description

Description

Technical Details

Melder is a harmless nonmemory resident parasitic Win32 virus. The virus itself is a Windows PE EXE file, written in Delphi. The virus size is about 46KB.

The Melder virus infects .EXE files in the Kazaa file sharing network download directory. In case Kazaa is not installed, the virus fails to infect the computer. While infecting the virus writes itself to the beginning of the file (the original file body is moved down before infecting).

The virus also copies itself to two files in the Windows directory and the Temp subdirectory:

 in Windows directory:        Melda.Scr
 in WindowsTemp directory:   KaynakDosya.exe

The virus contains the text string:

 This Is A Infected File
 Infecting Kazaa Files...

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com