RPGWatch Forums - View Single Post - This week in computer security
View Single Post


July 26th, 2014, 12:18
A new Trojan called Retefe is uninstalling itself after the infection - and it is still able to effectively operate, though indirectly, then.

More information for example here : http://www.microsoft.com/security/po…Retefe.A#tab=2


Steals sensitive information

Trojan:Win32/Retefe.A can steal sensitive information from your PC, such as your online user names and passwords. It does this by installing a fake self-signed certificate and intercepting traffic through your Internet browser.

It installs a fake self-signed certificate with the thumbprint 3DDF56A7004D90034D77E2D97F68C56FAA3C93AD:


It then installs the self-signed certificate to be used by the Firefox browser.

It also changes the DNS server to an IP address of a server controlled by the attacker. We have seen the following IP addresses being used:

Stops processes

Trojan:Win32/Retefe.A terminates the following processes if they are running:

In short, the Trojan installs its own self-signed certificate, and redirects browsers to the trojan's web sitres, which appear to be trustable, because of the trojan's certificate …
Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction. (E.F.Schumacher, Economist, Source)
Alrik Fassbauer is offline

Alrik Fassbauer

Alrik Fassbauer's Avatar
Original Sin 1 & 2 Donor


Join Date: Nov 2006
Location: Old Europe
Posts: 17,463
Mentioned: 2 Post(s)