Description:
To get a one-glance comprehensive view of the behavior of this spyware, refer to the Behavior Diagram shown below.
Spyware Overview
This spyware arrives on a system either downloaded from the Internet or dropped by other malware. It may also arrive as an attachment to spammed email messages.
When executed, it drops its DLL component, PDLL.DLL, in the Windows system folder. The DLL component is detected by Trend Micro as TSPY_LINEAGE.CFW. It is injected into several processes found running on the affected system. This spyware uses the said component in its information stealing routine.
This spyware monitors the Internet Explorer activities of an affected system and steals account-related information such as user names and passwords. It performs this routine by logging user keystrokes and saving all gathered information in the file D1.DAT. It then sends the said file to a predetermined email address using its own Simple Mail Transfer Protocol (SMTP) engine. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.
Moreover, it terminates several processes found running in memory. This routine makes detection and removal more difficult.
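The behavior chain above (DLL drop in the system folder, load of that DLL into other processes, keystroke file, outbound SMTP from the injected process) can be checked against host telemetry. The following is an added detection example, not part of the Trend Micro description; the event format, the process names, the D1.DAT location and the sample records are constructed assumptions.

```python
# Constructed host-telemetry records (not real logs) and a correlation check for the
# chain described above: PDLL.DLL dropped in the Windows system folder, loaded into
# other processes, keystrokes saved to D1.DAT, mailed out over SMTP. Field names,
# process names and the D1.DAT location are assumptions.
DROPPED_DLL = "pdll.dll"
KEYLOG_FILE = "d1.dat"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # processes expected to talk SMTP

def in_system_folder(path):
    return path.lower().startswith(SYSTEM_DIRS)

def correlate(events):
    """Return the behaviours observed, in event order, as 'tag:detail' strings."""
    findings, injected = [], set()
    for ev in events:
        proc = ev["process"].lower()
        if ev["type"] == "file_create":
            name = ev["path"].lower().rsplit("\\", 1)[-1]
            if name == DROPPED_DLL and in_system_folder(ev["path"]):
                findings.append("dll_dropped:" + ev["path"])
            elif name == KEYLOG_FILE:
                findings.append("keylog_file:" + ev["path"])
        elif ev["type"] == "image_load":
            if ev["image"].lower().endswith("\\" + DROPPED_DLL):  # DLL in a foreign process
                injected.add(proc)
                findings.append("dll_loaded_by:" + proc)
        elif ev["type"] == "network_connect" and ev["dst_port"] == 25:
            if proc not in MAIL_CLIENTS:
                tag = "injected" if proc in injected else "non_mail_process"
                findings.append(f"smtp_from_{tag}:{proc}")
    return findings

def chain_present(events):
    """True when drop, load into another process and SMTP from that process all occur."""
    tags = {f.split(":", 1)[0] for f in correlate(events)}
    return {"dll_dropped", "dll_loaded_by", "smtp_from_injected"} <= tags

SAMPLE_EVENTS = [  # constructed, in the order the description gives
    {"type": "file_create", "process": "dropper.exe", "path": "C:\\WINDOWS\\system32\\PDLL.DLL"},
    {"type": "image_load", "process": "explorer.exe", "image": "C:\\WINDOWS\\system32\\PDLL.DLL"},
    {"type": "image_load", "process": "iexplore.exe", "image": "C:\\WINDOWS\\system32\\PDLL.DLL"},
    {"type": "file_create", "process": "iexplore.exe", "path": "C:\\WINDOWS\\D1.DAT"},
    {"type": "network_connect", "process": "iexplore.exe", "dst_port": 25, "dst": "198.51.100.7"},
]

if __name__ == "__main__":
    print("\n".join(correlate(SAMPLE_EVENTS)))
    print("behaviour chain present:", chain_present(SAMPLE_EVENTS))
```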