Overall risk rating:

Reported detections:

System  impact:

Information exposure:

Description:

This spyware usually arrives on a system as a file dropped by TROJ_DLOADER.FYX.

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. The said action enables this spyware to monitor user activities on the Internet by running every time an Internet Explorer browser is opened.

This spyware monitors a user's Internet browsing activities and steals the following information from the affected system:

• Host name
• IP address and gateway address
• Computer ID
• Operating system (OS) installed
• Web sites visited, user names, and passwords
• Autocomplete information

It saves the gathered information in a certain .TXT file, then sends the said file to a remote malicious user using its own Simple Mail Transfer Protocol (SMTP) engine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb 3, 2007