x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Goldun.KR

Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Goldun.KR
Technical name:Trj/Goldun.KR
Threat level:Medium
Alias:Downloader-AYA
Type:Trojan
Effects:  

It monitors Internet traffic generated when the user accesses several online banking entities in order to log usernames and passwords for accessing them. It does not spread using its own means.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Aug. 21, 2006
Detection updated on:Aug. 21, 2006
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Goldun.KR is a Trojan that monitors Internet traffic generated when the user accesses web pages related to several online banking entities. By doing this, it logs usernames and passwords for accessing those banking entities.

Then, it sends the gathered information to its author.

Goldun.KR does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Visible Symptoms 

    

Goldun.KR is easy to recognize, as it displays the following symptoms:

  • It reaches the computer in a double extension file called ASSET.TXT.EXE. This way, it attempts to deceive users making them think that it is a text file, because if the option Hide file extensions for known type files is abled, users would only view ASSET.TXT.
  • When this file is run, NotePad is opened with the following text:

    Section 228. Failure to Pay Legal Child Support Obligations
    It is a misdemeanor offense for any person who willfully fails to pay a support obligation with respect to a child who resides in another State, if such obligation has remained unpaid for a period longer than 1 year or is greater than $5,000. It is a felony offense for the same violation if such obligation has remained unpaid for a period longer than 2 years, or is greater than $10,000.
    It is a misdemeanor offense for any person who willfully travels in interstate or foreign commerce with the intent to evade a child support obligation, if such obligation has remained unpaid for a period longer than 1 year or is greater than $5,000. It is a felony offense for the same violation if such obligation has remained unpaid for a period longer than 2 years or is greater than $10,000.
    The court shall order mandatory restitution under Title 18 USC Section 3663A -- Mandatory Restitution to Victims of Certain Crimes in an amount equal to the total unpaid support obligation as it exists at the time of sentencing upon receiving a conviction under a violation within this section.
    darkcollection.cj.com