TSPY_BANKER.DX
Overview



Type: Spyware

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating: Low

Reported detections: Low

System impact: High

Information exposure: High

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TSPY_BANKER.DX Behavior Diagram

Spyware Overview

This spyware arrives on a system as a file dropped by other spyware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops a copy of itself in the Windows system folder. It also modifies the registry so that it automatically runs at every system startup.

This spyware monitors the Internet Explorer activities of the affected system, specifically the address and title bars. It recreates a legitimate Web site with a spoofed login page if a user visits certain banking sites.

This tricks the user into giving out sensitive account-related information. It logs keystrokes entered by the user in the user name and password fields of the spoofed login page. This may then lead to the unauthorized use of the stolen data.

It sends all the gathered information to specified email addresses, using a specified Simple Mail Transfer Protocol (SMTP) server.

For additional information about this threat, see:
Solution
Technical Details



