TSPY_LEGMIR
Overview



Type: Spyware

Aliases: Trojan-Downloader.Win32.Harnig.bl (Ikarus)

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating: Low

Reported detections: Low

System impact: High

Information exposure: High

 

Description:

This spyware may arrive as a file dropped by other malware. It attempts to drop a copy of itself and/or a .DLL file with a BMP extension in the default System folder.

The DLL is injected into several legitimate processes in an attempt to steal account information, such as user names and passwords of a game named Legend of Mir. It does this routine by logging keystrokes and saving the gathered information in a text file. It then sends the data to a remote malicious user via its own Simple Mail Transfer Protocol (SMTP) engine.

This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data. Furthermore, because it has its own SMTP engine, this spyware does not need to use other email applications, such as Microsoft Outlook, to send the stolen data.
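A defender can check for the dropped component described above by sweeping a folder for files that are named .bmp but whose content is a Windows PE image. The following is an added example, not code from this write-up or from Trend Micro; the function names are hypothetical and the two sample files are constructed for the demonstration.

```python
import os
import struct
import tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL


def classify_header(data):
    """Return 'bmp', 'pe-dll', 'pe-exe' or 'other' from a file's leading bytes."""
    if data[:2] == b"BM":
        return "bmp"
    if data[:2] != b"MZ" or len(data) < 0x40:
        return "other"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "other"
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)  # COFF Characteristics
    return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"


def find_disguised_pe(root, ext=".bmp"):
    """List (path, kind) for files named *.bmp whose content is a PE image."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(ext):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify_header(fh.read(4096))
            except OSError:
                continue  # unreadable or locked file: skip it, keep sweeping
            if kind.startswith("pe-"):
                hits.append((path, kind))
    return hits


def build_sample_dir():
    """Constructed sample data: a real BMP header and a DLL header named .BMP."""
    root = tempfile.mkdtemp()
    pe = bytearray(0x80 + 24)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)
    pe[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", pe, 0x80 + 22, IMAGE_FILE_DLL | 0x0002)
    for name, body in (("wallpaper.bmp", b"BM" + bytes(52)), ("sample.BMP", bytes(pe))):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root
```

Calling `find_disguised_pe(build_sample_dir())` reports only the constructed `sample.BMP` as `pe-dll`; on a real host, point `root` at the System folder and treat any hit as a file to investigate.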

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun 10, 2006



