
SpyFalcon

From Malware Wiki


SpyFalcon
Type: Trojan
Creator: SpyFalcon
Date: March 17th, 2006
Origin: Cyprus(?)
Platform: Microsoft Windows
File Type: Win32 PE executable (.EXE)
Alias(es): Hoax.Win32.Renos.bz (Kaspersky)
MD5: 0702e1758020e95931613839aa36f691
SHA-1: 6c4d215c60aba1e44041ccf01760d0d7334e8248
SHA-256: be238454e44cee4c504b6c1f532467a68746e0ece9e8ab42e53fcdd5b63fef15
SSDEEP: 768:VAuAXKjoCvTyOTiyLMGONf5/mN+B5oUotvgCY5JCOlgC7vZU9QZU9hFnN8tyx:VAu2KjHnTBi5/u++RNOlhLzqFnNK
Authentihash: ad54bff2368113ee87536dfc6be0a07ca3b10d546864376ddfd2a9fa367a7b68
IMPhash: 7f52b43dae2dffb65df95a87e7bc8689

SpyFalcon is a rogue antivirus that existed between 2006 and 2009. It promised to remove spyware and could be downloaded from spyfalcon.com (the domain no longer exists). It is part of the Win32/Renos family.

Payload

Transmission

SpyFalcon can be distributed by trojans and through malicious advertisements using certain exploits.

Infection

SpyFalcon performs a "complete system scan" for viruses and reports that the computer is infected with spyware. It shows ads every minute saying "Your computer is infected!" and opens pop-ups, dialogs and homepage online offers.

SpyFalcon may then offer to download its application in order to remove the threat. If the user follows the instructions, SpyFalcon is installed and may redirect the user's Internet Explorer home page and search results to other unsolicited websites. SpyFalcon may also download and install additional malware on the user's computer system without their knowledge or consent.

To obtain the most recent definitions, the user starts the Symantec program and runs LiveUpdate.

While SpyFalcon is installed, it activates the following programs:

%ProgramFiles%\SpyFalcon
C:\Documents and Settings\Administrator\Start Menu\Programs\SpyFalcon
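A defender's check for the indicators listed on this page, as an added example that is not part of the original article: it looks for the two SpyFalcon locations and compares any files found there against the infobox MD5, SHA-1 and SHA-256. The function names and the `image_root` option (for scanning a mounted disk image instead of a live host) are assumptions of this example.

```python
import hashlib
import ntpath
import os
import re
from pathlib import Path

# Indicators copied from this page (infobox hashes and listed locations).
KNOWN_HASHES = {
    "md5": "0702e1758020e95931613839aa36f691",
    "sha1": "6c4d215c60aba1e44041ccf01760d0d7334e8248",
    "sha256": "be238454e44cee4c504b6c1f532467a68746e0ece9e8ab42e53fcdd5b63fef15",
}
ARTIFACT_PATHS = [
    r"%ProgramFiles%\SpyFalcon",
    r"C:\Documents and Settings\Administrator\Start Menu\Programs\SpyFalcon",
]

def resolve(win_path, env, image_root=None):
    """Expand %VAR% from env (lower-case keys); optionally map under image_root."""
    expanded = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), win_path)
    if image_root is None:
        return Path(expanded)
    rest = ntpath.splitdrive(expanded)[1]  # drop the drive letter, e.g. "C:"
    return Path(image_root, *[part for part in rest.split("\\") if part])

def file_hashes(path):
    """Compute MD5, SHA-1 and SHA-256 of a file in a single pass."""
    digests = {name: hashlib.new(name) for name in KNOWN_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}

def scan(env, image_root=None, known=KNOWN_HASHES):
    """Return ("path", indicator, location) and ("hash", algorithms, file) findings."""
    findings = []
    for raw in ARTIFACT_PATHS:
        target = resolve(raw, env, image_root)
        if not target.exists():
            continue
        findings.append(("path", raw, str(target)))
        for f in (p for p in target.rglob("*") if p.is_file()):
            hits = [n for n, h in file_hashes(f).items() if h == known.get(n)]
            if hits:
                findings.append(("hash", ",".join(hits), str(f)))
    return findings

if __name__ == "__main__":  # live Windows host: use the real environment
    print(scan({k.lower(): v for k, v in os.environ.items()}))
```

A path finding without a hash finding still merits review, since the hashes identify only the one sample recorded in the infobox.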