TrojanSpy.Win32.Small
Details
TrojanSpy.Win32.Small.q
This Trojan spy program steals user details for electronic payment systems. It is a Windows PE EXE file of 5184 bytes, packed using FSG.
During installation, the program copies itself to the Windows directory and registers the copy under the registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"OLE" = <name of copied file>
The Trojan then extracts a .dll file of 6144 bytes, called HookerDll.Dll, to the Windows directory. This file intercepts data entered via the keyboard.
The program then creates a file named krk.txt in the Windows directory and copies all data entered via the keyboard to this file. This interception function is only activated if the title of a browser window contains one of the following strings:
e-gold Account Access
HSBC Internet banking
Welcome to National Internet Banking
St.George Internet Banking Logon Page
Business Banking Online Login Page
MasterCard Connections Online - Welcome
St George Treasury: Client Logon
ANZ Internet Banking
SAAM Login
ANZ E*TRADE
FX Online Sphinx Login Page
https://www.tradeportal.proponix.com
BankSA Internet Banking Logon Page
Westpac Internet - Sign In
Westpac Internet Banking
NetBank - Logon
Commonwealth Securities Limited
Managed Funds and Superannuation Online - Login
Citibank Australia
Banesnet Particulares
Acceso a Banca por Internet
Wachovia Online Business Banking
Online Services - Account Login
Ventura County Business Bank Online Banking
PNC Bank - Account Link for Business
Fleet HomeLink Online Banking and Investing
e-Bullion: Account Login
:: WMcards.com :: Customer Support
moneybookers.com - and money moves
SunTrust Online Banking
Washington Mutual - Log On
Discover Card: Account Center Log In
OrbitPay.net - The Payment Processor Of Choice!
Banco Popular - Internet Banking
Nationwide Building Society - On-line banking
E*TRADE Log On
Accueil Bred.fr > Espace Bred.fr
Credit Lyonnais interactif
CyberMUT
Banque en ligne
Tous les produits et services
Banque Populaire
Home Page Banca Intesa
Collegamento a Scrigno
Barclaycard Merchant Services
American Express UK - Personal Finance
Merchant Administration
Wells Fargo - Small Business Home Page
Commercial Electronic Office Sign On
VeriSign Personal Trust Service
VeriSign Partner Manager
SUNCORP METWAY
iKobo Money Transfer
Welcome to Citi
By doing this, the Trojan steals access codes to electronic payment systems, and then sends the data to the author of the program by email.
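A host check for the artifacts listed in this entry, added here as an example and not part of the original description. It assumes it runs in the affected user's session (the autorun value is under HKCU) and that the value data is a file name or path without arguments.

```powershell
# Added example: look for the registry value and files this entry describes.
$winDir   = $env:windir
$findings = @()

# 1. Autorun value "OLE" under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run    = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'OLE')) {
    $target = ([string]$run.OLE).Trim('"')
    $note   = 'value data is empty'
    if ($target) {
        # The entry says the copy lives in the Windows directory, so resolve
        # the file name there and compare its size with the stated 5184 bytes.
        $copy = Join-Path $winDir (Split-Path $target -Leaf)
        if (Test-Path -LiteralPath $copy) {
            $size = (Get-Item -LiteralPath $copy -Force).Length
            if ($size -eq 5184) { $note = "$copy is 5184 bytes (matches the entry)" }
            else                { $note = "$copy is $size bytes" }
        } else {
            $note = 'no file of that name in the Windows directory'
        }
    }
    $findings += [PSCustomObject]@{
        Artifact = 'Run value "OLE"'; Detail = $target; Note = $note
    }
}

# 2. Dropped hook DLL (6144 bytes per the entry) and the keystroke log.
#    krk.txt may hold captured credentials: collect it as evidence, do not open it casually.
foreach ($name in 'HookerDll.Dll', 'krk.txt') {
    $path = Join-Path $winDir $name
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [PSCustomObject]@{
            Artifact = $name
            Detail   = $path
            Note     = "$($item.Length) bytes, last written $($item.LastWriteTime)"
        }
    }
}

if ($findings) { $findings | Format-List }
else           { 'No artifacts from this entry found for the current user.' }
```

A Run value named "OLE" is not proof of infection on its own; weigh it together with the two files and their sizes.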