Trojan-Spy.Win32.KeyLogger.aa

Tag: Trojan Spy

This Trojan has a keyboard logging function, which is intended to steal information from users of a range of on-line payment systems. The Trojan has two components: an executable file, 3792 bytes in size, and a .dll file, 4608 bytes in size.

The malicious code was transmitted via the Internet using spamming techniques at the end of January 2004.

Installation

When installing, the Trojan copies itself to the Windows system directory under a random name and registers this file in the system registry autorun key:

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   OLE=%Windir%\file name

The Trojan then creates the second component under the name HookerDll.dll, and also a file named kgn.txt; all harvested information is saved in this file. Both files are placed in the Windows directory.

The program monitors every application that is launched; if any of the strings listed below is detected, it starts logging all keystrokes and saves them to the kgn.txt file.

1mdc
1MDC
Access
ANZ
bank
Bank
bank of montreal
Bank of Montreal
Bank West
bankwest
BankWest
Bendigo
bmo
BMO
cibc
CIBC
Citibank
commbank
Commonwealth
e-bendigo
e-Bendigo
e-bullion
e-Bullion
e-gold
evocash
EVOCash
EVOcash
goldgrams
goldmoney
GoldMoney
HyperWallet
hyperwallet
INTgold
intgold
INTGold
Logon
macquarie
Macquarie
National
NetBank
颾endigo
paypal
PayPal
Pecun!x
pecunix
Pecunix
President Choice
president's choice
President's Choice
Royal Bank
royalbank
RoyalBank
Scotia Bank
scotiabank
ScotiaBank
Suncorp
suncorpmetway
TD Canada Trust
tdcanadatrust
TDCanadaTrust
Westpac
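
A triage check for the installation artefacts described above, as an added example that is not part of the original entry: it looks for the OLE autorun value pointing into the Windows directory and for the files HookerDll.dll and kgn.txt. It assumes the input is saved `reg query` output for the Run key plus a list of file names from the Windows directory; the function names, the default Windows path and the sample data are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the description above: Run value name and dropped file names.
RUN_VALUE_NAME = "ole"
DROPPED_FILES = {"hookerdll.dll", "kgn.txt"}

# Assumed layout of a `reg query` value line: name, type, data, 4-space separated.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")


def parse_reg_query(text):
    """Return {value name: data} parsed from `reg query <key>` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1)] = match.group(3).strip()
    return values


def find_indicators(reg_text, windir_files, windir=r"C:\WINDOWS"):
    """Return findings for the OLE autorun value and the two dropped files."""
    findings = []
    root = PureWindowsPath(windir)
    for name, data in parse_reg_query(reg_text).items():
        # Expand %Windir% (any case); a lambda keeps backslashes literal.
        expanded = re.sub(r"%windir%", lambda _: windir, data, flags=re.I)
        target = PureWindowsPath(expanded.strip('"'))
        # Value names and Windows paths compare case-insensitively.
        if name.lower() == RUN_VALUE_NAME and root in target.parents:
            findings.append(("run_key", name, str(target)))
    for filename in windir_files:
        if filename.lower() in DROPPED_FILES:
            findings.append(("file", filename))
    return findings


# Constructed sample data (not from a real host).
SAMPLE_REG = (
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ctfmon.exe    REG_SZ    C:\\WINDOWS\\system32\\ctfmon.exe\n"
    "    OLE    REG_SZ    C:\\WINDOWS\\qxvrtm.exe\n"
)
SAMPLE_FILES = ["explorer.exe", "HookerDll.dll", "kgn.txt", "notepad.exe"]

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

A value named OLE on its own is a weak signal, which is why the check also requires the target path to sit under the Windows directory; the two file names are reported separately so each match can be confirmed by hand.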

©Virus-Encyclopedia.com All Rights Reserved.