is a detection for a Trojan that steals sensitive information from the compromised machine and sends it to the remote attacker.
is a detection for a Trojan that steals Victim's email messages using legitimate MAPI(Messaging Application Programming Interface) code.
steals stored passwords from following application.
Upon execution the Trojan steals information and sends to the following remote server.
- Microsoft Outlook
- Outlook Express
Trojan steals these credentials by parsing the following registry keys:
- hxxp: ssshsecu[Removed]ata.php
- HKEY_USERS\S-1-5-21-1844237615-1085031214-1417001333-500\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem
- HKEY_USERS\S-1-5-21-1844237615-1085031214-1417001333-500\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profile
The following registry key values have been added to the system
Trojan uses the above MAPI code for getting folders and messages.
Indication of Infection
Presence of above mentioned activities
Methods of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email spam, etc.
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).