Don’t Be Fooled By The Alureon Trojan Horse

In mythology, the Greeks fooled the Trojans by building them a big wooden horse. This gift actually held Grecian soldiers who opened the gate and let everyone else in. There could not be a more suitable name for the vehicles that drive malware into computer systems. Trojans can seem innocuous, beneficial even, but they open the gate for other forms of malware. The Alureon trojan is also a rootkit that can compromise the security of your system, as well as the privacy of your data. How can you recognize this trojan?

Meet the Alureon Trojan

The Alureon trojan, which is also known as Win32/Alureon, has the primary objective of gathering private information. Known as a “data-stealing” trojan, Alureon tracks your browsing habits and can record user names, passwords, credit card and bank numbers, and more. It may also enable malicious data to enter your system, which can lead to other security issues. As a rootkit, it allows continued access to a system.

Alureon is also known as TDSS, TDL3, and TidServ. It is identified under different names by different security programs. Microsoft, for instance, uses Alureon. Kaspersky identifies it as Trojan-Downloader.Win32Zlob, and Symantec calls it Trojan.Zlob.

Alureon in Your System

Like rogue antivirus programs, this trojan is designed to work invisibly in your system. You may begin to notice changes in your machine’s performance. These may include:

  • Redirects. When you conduct a search and click a link, you will be redirected to a site displaying advertising.
  • Disallowed. Alureon creates a list of programs that it will not execute. This list will include any antivirus or anti-malware programs you have installed in your computer.
  • Blocked sites. This trojan will often block websites that offer antivirus help or advice.
  • Blocked access. You may not be able to access your task manager or registry editor functions.
  • Slow performance. The Trojan is running constantly in the background, using your system resources to power itself. This draws resources from your legitimate programs an makes even routine tasks much more slow.
  • Communication with certain IP addresses. This allows the trojan to contact other sites to get instructions or update itself.

Alureon is able to exploit security vulnerabilities to gain access to your system. It is common for this particular trojan to disguise itself as a video codec, PluginVideo.exe. One you install this codec, the trojan can copy itself into your system directory under a random name and hide. This allows the trojan to evade standard detection and removal techniques. It also installs a registry key or a DLL file to ensure it launches each time you start a Windows start. Sites that are vulnerable to trojans include those with adult, gaming, pirated, P2P, and free content. Malicious sites often pose as websites about specific trending topics or as security software sites.

Because it has the potential to compromise data, especially sensitive information like credit card or bank account numbers, it is important to remove the Alureon trojan immediately.