Aliases: W32/Munia!inf
Variants: W32.Munia, W32/Munia

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 05 Aug 2006
Damage: Low

Characteristics: The W32.Munia!inf is a virus that can infect .exe files in the event that the target file is used. This malware is also able to steal game account information such as passwords and usernames for the Legend of Mir game. It uses a keylogger for logging the user’s keystrokes and it collates the keystrokes in a log file saved in the compromised machine. This virus can also open a backdoor in the affected machine which will be used for communications between the virus and its author.

More details about W32.Munia!inf

When this virus is run in the infected computer system, it will begin to create files having the .exe, .bd and .dll extensions. It will also delete a registry subkey that will enable it to hide its presence in the host machine. It then adds an autostart registry entry so that it will run every time that Windows starts. This security threat will also add another registry entry to a specific registry subkey in order to hide all the files and folders that it has dropped in the compromised machine. The W32.Munia!inf virus will also try hijacking the service Routing and Remote Access via adding a value to a registry subkey. Next, it will drop and then inject the file munia.dll into the system’s currently active processes.

The security threat then begins its keylogging activity so that it can harvest game account information pertaining to the Legend of Mir game. The game’s credits are targeted by malicious users since they are quite difficult to obtain so they can be sold for really money or auctioned off. All the keystrokes logged by the user will be saved in a log file and sent to the virus’ author to a predefined URL via the explorer.exe file. This file will be analyzed by the remote hacker and then sorted as to what can be used and what is merely junk.