This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Infostealer.Sazoora activity on an infected machine.
After execution, the original sample deletes itself to hide its presence on the system.
The malware steals the user's information by monitoring the following sites:
The following browsers are monitored by the malware:
To run whenever Windows starts, it creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"WindowsHost" = "%APPDATA%\WinHost\svchost.exe"
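
A host check for the registry entry above, as an added example that is not part of the original advisory or any vendor tooling. The function name `Find-SuspiciousRunEntry` is hypothetical, and the check for any `svchost.exe` outside `%SystemRoot%` is a heuristic that goes beyond what the advisory states. It reads only the current user's hive, so run it in the affected user's session.

```powershell
# Added example. The value name and path below are taken from the advisory text.
$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$IocName = 'WindowsHost'
$IocPath = Join-Path $env:APPDATA 'WinHost\svchost.exe'

function Find-SuspiciousRunEntry {
    param([string]$KeyPath = $RunKey)

    if (-not (Test-Path -Path $KeyPath)) { return }
    $key = Get-Item -Path $KeyPath

    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so an unexpanded %APPDATA% stays visible in the report.
        $raw      = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        # Extract the executable: a quoted path, or everything up to the first ".exe".
        if ($expanded -match '^\s*"([^"]+)"' -or $expanded -match '^\s*(.+?\.exe)\b') {
            $exe = $Matches[1]
        } else {
            $exe = $expanded.Trim()
        }
        if (-not $exe) { continue }

        $reasons = @()
        if ($name -ieq $IocName) { $reasons += 'value name matches advisory' }
        if ($exe -ieq $IocPath)  { $reasons += 'path matches advisory' }
        # Heuristic (assumption, beyond the advisory): svchost.exe outside the Windows directory.
        if ((Split-Path -Path $exe -Leaf) -ieq 'svchost.exe' -and
            -not $exe.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += 'svchost.exe outside %SystemRoot%'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name       = $name
                Data       = $raw
                Executable = $exe
                FileExists = Test-Path -LiteralPath $exe
                Reasons    = $reasons -join '; '
            }
        }
    }
}

Find-SuspiciousRunEntry | Format-List
```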