Overall risk rating:

Reported detections:

System  impact:

Information exposure:

Description:

This spyware arrives on a system either downloaded from the Internet by a Trojan detected as TROJ_PAKES.NC or dropped by TSPY_SINOWAL variants.

Upon installation, it is injected by the main spyware component into various running processes, thus preventing easy detection and removal. However, it needs its main component to successfully perform its malicious routines.

This spyware monitors a user's Internet browsing activities and steals information such as user names and passwords by logging keystrokes. It then sends the gathered information to a remote malicious user using its own Simple Mail Transfer Protocol (SMTP) engine. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

For additional information about this threat, see:
Solution
Technical Details

Revision history: 
Jun 29, 2007 - Complete Virus Report