Home Malware Programs Browser Plugins Alibaba Toolbar

Alibaba Toolbar

Posted: March 28, 2006

Alibaba Toolbar is an Internet Explorer plugin that monitors user Internet activity and records specific keywords that the user enters into search fields on many web sites. Gathered information is secretly sent to the threat's publishers. Alibaba Toolbar can silently download and execute arbitrary potentially harmful files. It is able to update itself via the Internet. Alibaba Toolbar runs every time the user launches Internet Explorer.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 bar.dll
    2 update.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINESOFTWAREAlibabaToolbarHKEY_LOCAL_MACHINESOFTWAREClassesAlibabaIEToolBar.AlibabaButtonHKEY_LOCAL_MACHINESOFTWAREClassesAlibabaIEToolBar.AlibabaButton.1HKEY_LOCAL_MACHINESOFTWAREClassesAlibabaIEToolBar.AlibabaSearchBarHKEY_LOCAL_MACHINESOFTWAREClassesAlibabaIEToolBar.AlibabaSearchBar.1HKEY_LOCAL_MACHINESOFTWAREClassesAlibabaIEToolBar.ShowBarObjectHKEY_LOCAL_MACHINESOFTWAREClassesAlibabaIEToolBar.ShowBarObject.1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallAlibabaToolbar
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path}13B0C05C-EF05-4BF6-B0EA-F6111AF25544448F1BD5-C41A-4551-83CF-8CD2309ABC66AB44756F-FCE0-454D-AF29-930B89BB44D263C8AF31-AD6E-417C-BF8B-48B96E95DC2542CB709C-A1D6-4C3A-9F9C-B077FF86A76009F59435-7814-48ED-A73A-96FF861A91EB850B69E4-90DB-4F45-8621-891BF35A5B530C588F7D-A2B3-4001-B59B-D856C1BF3AD7
Loading...