|Detected||Mar 11 2005 14:09 GMT|
|Released||Mar 11 2005 14:09 GMT|
|Published||Jun 10 2005 11:34 GMT|
This program is written in Delphi, and not packed at all. It is a DLL file approximately 120KB in size.
It is unable to auto-install, and therefore requires a special installation program.
It functions as a key logger.
It will search the victim machine either for a window titled 'Lineage Windows Client' or Internet Explorer with a window open to any page of the gamania.com server. Keystrokes entered in these windows will be recorded in a file named c:\gamest1.txt. This file will include saved passwords. The file will then be sent, together with other information such as IP-address, to the remote malicious user.
This type of malicious program is designed to steal user account information for online games. The data is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.