x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Mastof

Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Mastof
Technical name:Constructor/Mastof
Threat level:Low
Type:Security Risk
Subtype: Virus Constructor
Effects:  

It is a malicious tool that allows to create new Trojans without having any programming skills. The Trojans created steal users' passwords for the service Yahoo Messenger.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Dec. 22, 2004
Detection updated on:Dec. 22, 2004
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Mastof is a virus constructor type malware. To be more precise, Mastof allows to create Trojans that steal the password for the instant messaging program Yahoo Messenger. It is not necessary to have any programming skills to use this malicious tool.

Mastof allows to configure the following settings for the Trojans to be created, among others:

  • Disable the Task Manager.
  • Disable the Windows Registry editing tools.
  • Send the IP address of the affected computer to its author.
  • Send the version of the operating system.
  • Encrypt the stolen password.
  • Delete the original file of the Trojan once it is installed.
  • Run the Trojan whenever Windows is started.
  • File name of the Trojan's executable file.
  • Specify a fake error message to be displayed when the Trojan is run.
  • Specify an icon for the Trojan's executable file.

Additionally, all the Trojans created with Mastof are detected by Panda Security as Trj/Mastof.A, and they share the following common characteristics:

  • They go memory resident.
  • They copy themselves both to the Windows system and the Windows directories.
  • They create a file called HINSTANCE.DLL, which contains the stolen password.
  • The password will be sent to a Yahoo mail account of the author's choice.

Visible Symptoms 

    

Mastof is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.