WORM_LEGMIR
October 09, 2012
ALIASES:
OnLineGames, Delf, Magania, Gampass, Dropper, DelpDldr, Games, Pupack
PLATFORM:
Windows 2000, Windows XP, Windows Server 2003
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
Threat Type: Worm
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
Infection Channel:
Downloaded from the Internet
LEGMIR is a family of information stealers. Its primary routine is to steal user names and passwords used in online games.
In 2007, some website compromises were found to have distributed LEGMIR together with other information stealers.
TECHNICAL DETAILS
Memory Resident:
Yes
Installation
This worm drops the following files:
- %System%\HBWOW.dll
- %System%\System.exe
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)