| Description:
|
Details
Trojan.PSW.LdPinch
This family of Trojans steals user passwords.
When launching, the Trojan writes the following value to the system registry.
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
putil = %windir%%file name%
This ensures that the Trojan will be run every time the system is started.
It then copies itself to the Windows folder, and launches itself from there, deleting the original file.
The Trojan harvests information about the system (operating system, configuration etc.) and passwords for a range of services and applications, including RAS, POP3, IMAP, ICQ, FTP etc.
The information collected is encoded using MIME (Base64) and sent to the Trojan's author by email, using an SMTP server with an IP address which is coded in the Trojan's body. |
