Posted: June 20, 2012
Threat Metric
Threat Level: 8/10
Infected PCs 60

Kuluoz Description

Kuluoz is a family of Trojans that are used to install other PC threats and steal personal information (such as passwords). The majority of Kuluoz variants are designed to install some form of fake security program (such as members of WinWebSec or FakeSysdef) that display fraudulent security pop-ups and system scans while simultaneously hindering the performance of your PC. Because Kuluoz is often distributed by spam e-mail that alleges to be from the UPS or a similar entity of good repute, SpywareRemove.com malware researchers particularly caution you to avoid file attachments from strange e-mails, particularly if they're in .zip format (one of Kuluoz's preferred formats). If you suspect that Kuluoz or its payload have infiltrated your computer, an exhaustive system scan by a reputable anti-malware product should be able to delete Kuluoz and anything that Kuluoz might have installed.

Kuluoz: a New Delivery Man for This Year's Scamware

Variants of Kuluoz have been reported since mid-2012, with different varieties of Kuluoz being dedicated to installing different types of PC threats. Many variants, such as TrojanDownloader:Win32/Kuluoz.A and TrojanDownloader:Win32/Kuluoz.B, will automatically initiate contact with a variety of both malicious and mundane sites (such as Google and Twitter), with the latter being included to conceal their harmful traffic requests. After contacting their C&C servers, Kuluoz Trojans will receive instructions that tell them which files to download and install – including scamware like Win Disk, Win HDD, S.M.A.R.T. Check, Security Shield 2012 and Winweb Security. These rogue defraggers and security programs offer up fake system information about various forms of damage or PC threats, but SpywareRemove.com malware researchers emphasize the fact that these warnings are wholly fake.

Some versions of Kuluoz have also been found to utilize spyware-based attacks. SpywareRemove.com malware analysts have indicated that current versions of Kuluoz can use two distinct methods for stealing private information:

  • Monitoring login input for various browsers and file-management utilities, with vulnerable programs including Firefox, BitKinex, Chrome, Total Commander, Far Manager, SmartFTP, FileZilla, Bulletproof FTP and WinSCP.
  • Harvesting files of the following types: Microsoft Excel, Microsoft Word, Firefox password files, Opera password files and Thunderbird password files.

Dodging Kuluoz's E-mailed Bullet

Kuluoz is typically propagated by fake e-mail messages with covers that include UPS delivery notices and airline ticket confirmations. While these e-mails will try to convince you to view an included file attachment to confirm the information mentioned in their main bodies, SpywareRemove.com malware researchers note that reputable companies will never ask you to open e-mail file attachments. Kuluoz can be specifically recognized by some of its file names: Postetikett_Deutsche_Post_AG_DE482456.zip, FedEx_Label_ID_Order_83-27-4534US.zip, IRSPROFILE.zip, Print_Label_FedEx_AN173738US.zip, Label_Parcel_IN34-789-54UK.rarTicket_Delta_Air_Lines_US9760.zip and Label_US.6366NT.zip.

After being extracted from its zip file, Kuluoz will use misleading file names (such as csrss.exe) to make itself look like a normal part of Windows. SpywareRemove.com malware researchers suggest using anti-malware software to detect and remove Kuluoz and its payload, since this method is the easiest way to delete Kuluoz without risking any damage to your OS.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Kuluoz may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.