TSPY_GOLDUN.CP

Overview

QUICK LINKS	Download the latest scan engine

Type: Spyware

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:		Low

Reported detections:		Low
System impact:		High
Information exposure:		High

Infection Channel 1: Spammed via email

Description:

To get a one-glance comprehensive view of the behavior of this spyware, refer to the Behavior Diagram shown below.

TSPY_GOLDUN.CP Behavior Diagram

Comments/Suggestions

We would like to know what you think about the Behavior Diagram, our latest Virus Encyclopedia feature. Please click here to send us your comments, suggestions, or feedbacks.

Malware Overview

This spyware may arrive as an attachment to an email message spammed by a malware or a malicious user. The email message appears as follows:

Upon execution, it drops several files in the Windows system folder of an affected machine.

It monitors the Internet Explorer activities of the affected system. When the following Web sites are visited, it either redirects to or opens a spoofed login Web page:

https://www.e-gold.com/acct/acct.asp
https://www.e-gold.com/acct/ai.asp
https://www.e-gold.com/acct/balance.asp

The spoofed login Web page prompts a user to enter personal account information such as user names and passwords. This spyware then gathers the said information and sends it to a remote malicious user via its own Simple Mail Transfer Protocol (SMTP) engine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar 5, 2006

Tell us how we did. Take our quick survey.