Subscribe0 0
This family of Trojan programs steals confidential information from the victim machine, including files containing configuration details which contain passwords. Although passwords are normally saved in an encrypted form, the encryption used is very weak.
Programs from this family steal files containing settings for the following programs and services:
- &RQ(IRQ)
- Becky! Internet Mail
- Cute FTP
- EDialer
- FAR (ftp plugin info)
- Microsoft Outlook
- Mirabilis ICQ
- Miranda ICQ
- Mozilla
- Opera
- The Bat!
- Total Commander
- Trillian Messenger
- WS_FTP
- RAS Windows service information
A temporary file named C:\out.bin is created, and all harvested information will be unpacked and reencrypted. The file is then sent to an email address with the message subject 'Passes from Pinch 2(<host name>)'
This family of programs has no malicious payload. The executable file is usually less than 20KB in size.
Hot Articles