Captchar

Type: Trojan
SubType: Win32
Discovery Date: 10/30/2007
Length: 215,552 bytes
Minimum DAT: 5153 (10/31/2007)
Updated DAT: 5153 (10/31/2007)
Minimum Engine: 5.1.00
Description Added: 10/30/2007
Description Modified: 10/30/2007 11:02 PM (PT)
Risk Assessment (Corporate User): Low-Profiled
Risk Assessment (Home User): Low-Profiled

Characteristics

-- Update October 31, 2007 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://news.bbc.co.uk/2/hi/technology/7067962.stm

--
Once executed, the Captchar trojan starts a hidden instance of iexplore.exe, injects its code into that process, and then deletes itself.

The trojan attempts to connect to a remote server to exchange CAPTCHA information.

After successfully communicating with the server, the trojan displays the following message:

Hi!
My name is  melissa.  I'm 18 years old and you have come to the
right place to play :)
How to play?
;
Easy, enter the code that you will see and I'm taking off
1 of my things. :) Want to start strip me? Then what are you
waiting for? Click the start play.

When the user clicks the start button, the trojan displays the following message with a CAPTCHA input field:

Ok, lets start baby! Lets see if you can strip me :).
Put the word that you see on bottom, if its correct I'll
take off 1 of my xxx :)

If the user enters a wrong CAPTCHA code, the trojan displays the following message:

Hmmm, nope, the word you entered is
incorrect honey! Lets try again?

After the user enters the correct CAPTCHA, the trojan sends the correct code to its control server and displays one of the following messages with a new CAPTCHA code to entice the user into continuing the game.

Outch, nice one, you got it right!
ok, ready for next one? Here it is:
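
The launch-and-self-delete behaviour described at the start of this section can be hunted for in endpoint telemetry. The following is an added example, not part of the original description or any vendor tooling: it correlates an iexplore.exe launch by an unexpected parent with the deletion of that parent's own file. The event schema, the allowlist, the time window and all sample hosts and paths are assumptions constructed for illustration; window visibility is not modelled.

```python
from datetime import datetime, timedelta

# Assumed allowlist of processes that normally launch Internet Explorer.
EXPECTED_PARENTS = {"explorer.exe", "iexplore.exe"}
WINDOW = timedelta(minutes=2)  # assumed correlation window

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_spawn_then_self_delete(events):
    """Alert when an unexpected parent starts iexplore.exe and that parent's
    own image file is deleted on the same host within WINDOW."""
    alerts, spawns = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "process_create":
            if (basename(ev["image"]) == "iexplore.exe"
                    and basename(ev["parent_image"]) not in EXPECTED_PARENTS):
                spawns.append((ev["host"], ev["parent_image"].lower(), ev["time"]))
        elif ev["type"] == "file_delete":
            for host, parent, started in spawns:
                if (host == ev["host"] and parent == ev["path"].lower()
                        and ev["time"] - started <= WINDOW):
                    alerts.append({"host": host, "image": ev["path"],
                                   "spawned": started, "deleted": ev["time"]})
    return alerts

T0 = datetime(2007, 10, 30, 9, 0, 0)
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
# Constructed sample events; hosts, paths and times are invented for illustration.
SAMPLE_EVENTS = [
    # Normal: the shell launches the browser.
    {"type": "process_create", "host": "ws1", "time": T0,
     "image": IE, "parent_image": r"C:\Windows\explorer.exe"},
    # Suspicious: a downloaded executable launches the browser...
    {"type": "process_create", "host": "ws2", "time": T0 + timedelta(seconds=5),
     "image": IE, "parent_image": r"C:\Users\alice\Downloads\game.exe"},
    # ...and its own file disappears seconds later.
    {"type": "file_delete", "host": "ws2", "time": T0 + timedelta(seconds=9),
     "path": r"C:\Users\alice\Downloads\game.exe"},
    # Unrelated delete on another host with the same path: must not match.
    {"type": "file_delete", "host": "ws1", "time": T0 + timedelta(seconds=9),
     "path": r"C:\Users\alice\Downloads\game.exe"},
    # Launch by an unexpected parent that is never deleted: no alert.
    {"type": "process_create", "host": "ws3", "time": T0 + timedelta(seconds=20),
     "image": IE, "parent_image": r"C:\Tools\helpdesk.exe"},
]

if __name__ == "__main__":
    for alert in find_spawn_then_self_delete(SAMPLE_EVENTS):
        print(alert)
```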

 

Symptoms

  • An image titled "Melissa strip" with the messages described above

 

Method of Infection

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or unpatched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroup postings, etc.

Removal

-

Variants

    N/A

Overview

Captchar is a trojan program used to defeat CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), which web sites often use to prevent spammers from using automated programs to create large numbers of accounts.

Aliases

  • Trj/RompeCaptchas.A
  • TROJ_CAPTCHAR.A
  • Trojan.Captchar.A
  • Trojan.Win32.Agent.brb
  • W32/Captchas.A
  • Win32/Captchar.A
