Trojan.PSW.Phreaker
This program belongs to the family of password stealing Trojans (PSW).
When run, the Trojan installs itself to the Windows system directory under the name KERNEL32.EXE and registers this file in the auto-run section of the system registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run kernel32 = kernel32.exe
The Trojan can also drop an additional DLL, KERN32.DLL. It then registers itself in the system as a hidden application (service), so the Trojan process is not visible in the task list.
When active in the system, the Trojan periodically sends e-mail messages to its host (the hacker's e-mail address; this address is also optional). The message contains the following: computer information (owner, Internet address, etc.); RAS and ICQ information; cached passwords (login name and password); and text strings entered by the user during a Windows session.
The Trojan can be managed by a special script (set of commands) that is placed on a Web page (i.e., this Trojan has "backdoor" ability), but this page is off.
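A triage check built from the indicators in this description, added here as an example and not part of the original entry: it parses `reg query` output and a system-directory listing and flags the auto-run value and the dropped files. The function names and both sample inputs are constructed for illustration.

```python
import re

# Indicators taken from the description above.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
IOC_FILES = {"kernel32.exe", "kern32.dll"}  # the genuine Windows file is KERNEL32.DLL
IOC_CMD = re.compile(r'(?:^|[\\/"\s])kernel32\.exe(?:$|["\s])', re.I)

def parse_reg_query(text):
    """Parse `reg query` output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):            # unindented line = key path
            current = keys.setdefault(line.strip(), {})
        elif current is not None:               # indented line = name / type / data
            m = re.match(r"\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$", line)
            if m:
                current[m.group(1)] = m.group(3).strip()
    return keys

def find_phreaker_indicators(reg_text, system_dir_listing):
    """Return a list of findings matching the indicators in the description."""
    findings = []
    for key, values in parse_reg_query(reg_text).items():
        if not key.lower().endswith(RUN_KEY):
            continue
        for name, data in values.items():
            # Any auto-run command that launches a file named kernel32.exe.
            if IOC_CMD.search(data):
                findings.append(("autorun", name, data))
    for filename in system_dir_listing:
        if filename.lower() in IOC_FILES:
            findings.append(("file", filename))
    return findings

# Constructed sample inputs (not taken from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    kernel32    REG_SZ    kernel32.exe
"""
SAMPLE_DIR = ["KERNEL32.DLL", "KERNEL32.EXE", "KERN32.DLL", "USER32.DLL"]

if __name__ == "__main__":
    for finding in find_phreaker_indicators(SAMPLE_REG, SAMPLE_DIR):
        print(finding)
```

Because the Trojan hides its process from the task list, the check relies on the registry and on-disk artifacts rather than on a process listing.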