Spyware Detail

Summary

lop is a family of programs that set your start page and IE's search features to use the site lop.com ('Live Online Portal') or one of its clone sites.

Known lop sites include: aavc.com acjp.com ebav.com ebaw.com ebch.com ebch.com ebdv.com ebdw.com ebgo.com ebjp.com ebkb.com ebkn.com ebky.com eblv.com wbkb.com ebmu.com ebvr.com ecmh.com ecmp.com ecpm.com ecwz.com ecyb.com edhq.com edty.com eduy.com eeev.com farse.com ibmx.com icwb.com icwo.com icwp.com iddh.com idhh.com ifiz.com iguu.com samz.com saoe.com sbee.com sbjr.com sbnl.com sbnt.com sbvr.com scbm.com sckr.com scrk.com sdry.com seld.com sfux.com sheat.com sipo.com smds.com srib.com srox.com srsf.com ssaw.com ssby.com surj.com tbvg.com tdak.com tdmy.com tefs.com tfil.com tjar.com tjaw.com tjgo.com tjem.com torc.com wabu.com wabq.com wfix.com wflu.com

Lop also adds shortcuts to advertisers. Finally it adds a task to run on startup which sets your homepage and search back to lop if you change them.

Alias

TrojanDownloader.Win32.Swizzor.ae
C2 Media, after the company that makes it.
TrojanDownloader.Win32.Small.bp
TrojanClicker.Win32.Rotarran (for Lop.Com.WinactiveJ)
Adware/Lop[Panda]
Dialer.AL[Panda]
LopAdvert[McAfee]
TrojanDownloader.Win32.Swizzor.i[Kaspersky]
Adware-180Solutions[McAfee]
Adware/nCase[Panda]
MpAdvert[McAfee]
Adware/Adtomi[Panda]
TrojanDownloader.Win32.Small.bp[Kaspersky]
MP3Search[McAfee]
TrojanDropper.Win32.Small.fl[Kaspersky]
Adware/WinActive[Panda]
Trj/Downloader.HW[Panda]
Win32/Polbya.A!Trojan[Computer Associates]
TrojanDownloader.Win32.Swizzor.au[Kaspersky]
VBS/Suzer.A!Dropper[Computer Associates]
VBS.Suzer[Computer Associates]
Trj/Zerolin.A[Panda]
TrojanDownloader.Win32.Swizzor.q[Kaspersky]
Trojan.Win32.SecondThought.h[Kaspersky]
Adware/Apropos[Panda]
Trj/Downloader.HC[Panda]
VBS.ObjectDataHTA[Computer Associates]
VBS/Inor.gen[Panda]
Spyware/Infameow[Panda]
TrojanDownloader.Win32.Swizzor.ba[Kaspersky]
Trj/Downloader.HX[Panda]
Adware/NetPals[Panda]
TrojanDownloader.Win32.Swizzor.br[Kaspersky]
TrojanDownloader.Win32.Swizzor.bm[Kaspersky]
TrojanDownloader.Win32.Swizzor.bn[Kaspersky]
Lop

See Also

Lop

Category

Adware:  Software that displays pop-up/pop-under advertisements when the primary user interface is not visible, or which do not appear to be associated with the product.

Browser Helper Object:  (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Dialer:  Software that connects to the Internet or another computer network without user permission.

Downloader:  A program that downloads and may execute or install software without user permission.

Dropper:  A program that creates or installs software without user permission

Hijacker:  Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

Search Hijacker:  Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.

Spyware:  Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware.

Toolbar:  A group of buttons which perform common tasks. A toolbar for Internet Explorer is nomally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.

Trojan:  Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.



Variants

Some variants install both the Toolbar software and the AYB software.

There are some other drive-by-downloads based around similar code. lop/Trinity only adds the shortcuts and does the homepage/search hijacking. lop/Dialer is a plain porn dialler; lop/Dialer2 is a porn dialer which also includes the startup task but not the links or the toolbar.

· Lop.com/Active · Lop.com/AYB · Lop.com/Dialer · Lop.com/IMZ · Lop.com/Loader · Lop.com/RND · Lop.com/Toolbar · Lop.com/Trinity · Lop.com.WinActiveJ · Lop.com.WinActive · OmegaSearch · Lop.com A ·

Reasons For Retention

Changes browser settings other than homepage, without user permission.

View Full Details