Welcome to the Virus Encyclopedia of Panda Security.
It steals passwords and information from electronic payment systems, such as e-gold. It reaches the computer in an email message passing itself off as the Internet Service Provider Consorcium.
- First detected on: Sept. 12, 2008
- Detection updated on: Sept. 18, 2008
- Yes, using TruPrevent Technologies
Goldun.TB is a Trojan designed to steal passwords and information from electronic payment systems, such as e-gold.
Additionally, it adds itself to the list of applications authorized by the firewall so that it cannot be blocked and can access the affected computer.
Goldun.TB does not spread automatically by its own means. It needs an attacking user's intervention in order to reach the affected computer.
Goldun.TB is easy to recognize, as it reaches the computer in an email message with the following features:
- Subject: Your internet access is going to get suspended
Your internet access is going to get suspended
The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.
We are aware of your illegal activities on the internet wich were originating from
You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.
ICS Monitoring Team
The message poses as a warning from the ICS, notifying the user that Internet access will be suspended because the user has been downloading copyrighted material.
The message contains a ZIP-compressed attachment called USER-EA49943X-ACTIVITIES.ZIP, which passes itself off as a report of the user's Internet activities in the past 6 months.