
TSPY_ONLINEG.OMU

Posted: August 19, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 77
First Seen: August 19, 2013
OS(es) Affected: Windows

TSPY_ONLINEG.OMU is a password-stealing spyware program that also installs other malware onto your computer. Current payloads for TSPY_ONLINEG.OMU infections include backdoor Trojans, which allow remote attackers to control your PC and should be considered high-level security threats. Unusually, TSPY_ONLINEG.OMU does not install its second payload automatically; instead, it waits for a trigger: the PC user attempting to access various industry-specific websites. This has led SpywareRemove.com malware experts to assume that TSPY_ONLINEG.OMU's backdoor attacks are intended to affect specific companies and ignore casual PCs. However, both professional and casual PCs are vulnerable to TSPY_ONLINEG.OMU's conventional spyware functions. Since neither aspect of TSPY_ONLINEG.OMU's attacks displays any noticeable symptoms, anti-malware tools should always be used for finding and removing TSPY_ONLINEG.OMU.

TSPY_ONLINEG.OMU: a Spy with Something Extra Up Its Sleeves

TSPY_ONLINEG.OMU is a newly developed version of TSPY_ONLINEG, which has been stealing gaming application passwords for several years. TSPY_ONLINEG.OMU monitors the infected PC's interaction with relevant online gaming sites and programs to steal your login information, and it may also disable some brands of anti-malware software. However, these functions were also found in previous versions of TSPY_ONLINEG; what makes TSPY_ONLINEG.OMU particularly interesting to SpywareRemove.com malware analysts is its capacity for assisting with the installation of a backdoor Trojan.

TSPY_ONLINEG.OMU's new backdoor-enabling function triggers whenever your browser loads an admin login page for specific South Korean industries, such as telecommunications, finance, advertising and (once again) gaming companies. TSPY_ONLINEG.OMU's backdoor component, the Trojan BKDR_TENPEQ.SM, steals login data for these companies in much the same way that TSPY_ONLINEG.OMU steals game account information. In addition to targeting specific types of personal information, TSPY_ONLINEG.OMU's backdoor Trojan also includes a keylogger function that can record any typed information in general.

Keeping TSPY_ONLINEG.OMU from Hopping Through Your Browser to Your Hard Drive

TSPY_ONLINEG.OMU is distributed through legitimate but hacked South Korean sites that are forced to install TSPY_ONLINEG.OMU on their visitors' PCs through drive-by-download attacks. Fortunately, SpywareRemove.com malware researchers were able to confirm that all identified sites have been re-secured, but TSPY_ONLINEG.OMU's ongoing development makes new attacks in the future likely. Anti-malware programs and browser security features should be considered in combination for blocking such attacks, and disabling exploitable script-based features (such as Java) is recommended.

Spyware like TSPY_ONLINEG.OMU carefully avoids showing any symptoms that would allow you to detect its presence. For this reason, SpywareRemove.com malware researchers find the continual deployment of anti-malware protection to be critical to detecting and removing TSPY_ONLINEG.OMU and other forms of spyware before any personal information may be stolen. As noted previously in this article, gaming passwords and user names are especially likely to be targeted, but TSPY_ONLINEG.OMU's new additions also should be considered capable of compromising professional business networks.
