Welcome to the Virus Encyclopedia of Panda Security.
Sinowal.WZN allows hackers to get into and carry out dangerous actions in affected computers, such as capturing screenshots, stealing personal data, etc.
It avoids being detected by the user by using the following techniques:
- Techniques included in its code to hide its files and processes while it is active.
- It terminates processes belonging to several security tools, such as antivirus programs and firewalls, so they cannot warn the user of the presence of this malware on the computer.
It captures certain information entered or saved by the user, with the corresponding threat to privacy:
- Passwords saved by certain Windows services.
It then sends the gathered information to a remote user by any available means: email, FTP, etc.
It causes a loss of productivity in the local network to which the compromised computer belongs:
- It generates a large amount of network activity and consumes bandwidth.
It reduces the security level of the computer:
- It terminates processes belonging to security tools, such as antivirus programs and firewalls, leaving the computer defenseless against attacks from other malware.
Means of transmission
Propagation through the exploits of remote vulnerabilities:
Sinowal.WZN carries out the following process:
- It spreads by attacking IP addresses obtained at random or from the network to which the infected computer belongs.
- It tries to access the IP addresses under attack by exploiting an existing vulnerability or through an open port.
- If it does this, it downloads a copy of itself onto the vulnerable computer.
Sinowal.WZN has the following additional characteristics:
- It is 131072 bytes in size.