We are seeing a strong surge in the spread of a game password-stealing worm. A number of reports online have described the infection occurring when the user was copying files over a usb drive.

The files that we are seeing drop an executable in the windows\system32 directory by varying names: “avpo.exe” and “niedeiect.com” are common. This nasty little thing copies itself to various locations on your drive, drops driver files possessing unstable rootkit techniques to hide its own files, and steals the passwords of your favorite games. If you see “avpo” or “amvo0.exe” performing strange behaviors alongside “niedeiect.com” on your drive, like writing to the explorer.exe process, quarantine them.

This entry was posted on Wednesday, December 12th, 2007 at 2:56 pm and is filed under Dropper, Password stealing, Rootkit, Worm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.