TROJ_ZBOT.BTS
Overview

Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

This Trojan arrives as a file downloaded from a remote URL.

Upon execution, it drops a copy of itself in the system folder. It also creates a folder with the System and Hidden attributes, into which it drops non-malicious files.

It creates or modifies registry entries to enable its automatic execution at system startup. It injects itself into legitimate processes as part of its memory residency routine.

It attempts to access a Web site to download a file. This configuration file specifies where the Trojan can download an updated copy of itself and where it should send its stolen data. It also contains a list of targeted bank-related Web sites from which the Trojan steals information.

Note that the contents of the configuration file, and hence the list of Web sites to monitor, may change at any time. Once users access any of the monitored sites, the Trojan starts logging keystrokes. It attempts to steal sensitive online banking information, such as usernames and passwords. This routine risks the exposure of the user's account information, which may then lead to unauthorized use of the stolen data.

The stolen information is saved to a file and then sent to a remote server.
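The following triage script is an added example and is not part of the Trend Micro description; it checks a Windows host for two of the host-side traits listed above (an autostart Run entry whose target lives in the system folder, and a subfolder of the system folder carrying both the Hidden and System attributes). The Run key paths and attribute test are standard Windows conventions; no file or registry names from this specific sample are known from the page, so anything flagged is a lead for manual review, not a verdict.

```powershell
# Added triage check, not code from the Trend Micro page. Flags leads only:
# legitimate software can also autostart from the system folder.

$systemDir = [Environment]::GetFolderPath('System')   # usually C:\Windows\System32

# Standard per-machine and per-user autostart locations
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-SystemFolderRunEntry {
    # Lists Run entries whose executable path points into the system folder.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            $value = [string]$p.Value
            # A quoted command line keeps its full path; otherwise take the first token
            if ($value -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($value -split '\s+')[0] }
            if ($exe -like "$systemDir\*") {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Target = $exe }
            }
        }
    }
}

function Get-HiddenSystemFolder {
    # Lists immediate subfolders of the system folder that are both Hidden and System.
    Get-ChildItem -Path $systemDir -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            ($_.Attributes -band [IO.FileAttributes]::System)
        } |
        Select-Object FullName, CreationTime, LastWriteTime
}

"Run entries pointing into $systemDir"
Get-SystemFolderRunEntry | Format-Table -AutoSize

"Hidden+System subfolders of $systemDir (newest first)"
Get-HiddenSystemFolder | Sort-Object CreationTime -Descending | Format-Table -AutoSize
```

Compare the creation times of any flagged folder and Run target against the user's download history from the same window, since the description says the Trojan arrives as a downloaded file.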

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 19, 2009 5:12:28 AM GMT -0800
