Overall risk rating:

Reported detections:

System  impact:

Information exposure:

Description:

This spyware arrives as a file downloaded from a certain Web site.

It injects itself into the legitimate WINLOGON.EXE and SVCHOST.EXE processes as part of its memory residency routine.

It attempts to access the following Web site to download a configuration file.

The said file contains information where it can download an updated copy of itself, and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites to monitor from which it steals information.

Once users access any of the monitored sites, it starts logging keystrokes.

This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

For additional information about this threat, see:
Solution
Technical Details