x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Goldun.TB

Threat LevelLow threatDamageHighDistributionNot widespread
Common name:Goldun.TB
Technical name:Trj/Goldun.TB
Threat level:Medium
Type:Trojan
Effects:  

It steals passwords and information from electronic payment systems, such as e-gold. It reaches the computer in an email message passing itself off as the Internet Service Provider Consorcium.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Sept. 12, 2008
Detection updated on:Sept. 18, 2008
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Goldun.TB is a Trojan designed to steal passwords and information from the electronic payment systems, as e-gold.

Additionally, it adds itself to the list of authorized application by the firewall so that it cannot be blocked and can access the affected computer.

Goldun.TB does not spread automatically by its own means. It needs an attacking user's intervention in order to reach the affected computer.

Visible Symptoms 

    

Goldun.TB is easy to recognize, as it reaches the computer in an email message with the following features:

  • Subject: Your internet access is going to get suspended
  • Message:

    Your internet access is going to get suspended

    The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
    We conduct regular wiretapping on our networks, to monitor criminal acts.

    We are aware of your illegal activities on the internet wich were originating from

    You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

    Sincerely
    ICS Monitoring Team


    The message seems to be a warning from the ICS to notify the suspension of the Interrnet access since the user has been downloading copyrighted material.
  • Attachment:

    The message contains an attached file compressed with ZIP called USER-EA49943X-ACTIVITIES.ZIP, which passes itself off as a report of the Internet activities in the past 6 months.