Welcome to the Virus Encyclopedia of Panda Security.
It is a malicious tool that allows to create new Trojans without having any programming skills. The Trojans created steal users' passwords for the service Yahoo Messenger.
|First detected on:||Dec. 22, 2004|
|Detection updated on:||Dec. 22, 2004|
|Yes, using TruPrevent Technologies
Mastof is a virus constructor type malware. To be more precise, Mastof allows to create Trojans that steal the password for the instant messaging program Yahoo Messenger. It is not necessary to have any programming skills to use this malicious tool.
Mastof allows to configure the following settings for the Trojans to be created, among others:
- Disable the Task Manager.
- Disable the Windows Registry editing tools.
- Send the IP address of the affected computer to its author.
- Send the version of the operating system.
- Encrypt the stolen password.
- Delete the original file of the Trojan once it is installed.
- Run the Trojan whenever Windows is started.
- File name of the Trojan's executable file.
- Specify a fake error message to be displayed when the Trojan is run.
- Specify an icon for the Trojan's executable file.
Additionally, all the Trojans created with Mastof are detected by Panda Security as Trj/Mastof.A, and they share the following common characteristics:
- They go memory resident.
- They copy themselves both to the Windows system and the Windows directories.
- They create a file called HINSTANCE.DLL, which contains the stolen password.
- The password will be sent to a Yahoo mail account of the author's choice.
Mastof is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.