Trojan-PSW.Win32.LdPinch.rn
| Detected | Jul 23 2005 10:39 GMT |
| Released | Jul 23 2005 11:49 GMT |
| Published | Aug 04 2005 13:07 GMT |
This Trojan belongs to the LdPinch family of password-stealing Trojans, which are written to harvest confidential information from the infected machine. The Trojan itself is a Windows PE EXE file approximately 17KB in size, packed with UPX.
When installing, the Trojan copies itself to the Windows system directory as “svc.exe”:
%System%\svc.exe
It then registers this file in the system registry, ensuring that the Trojan is executed each time Windows starts on the victim machine:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "System" = "%System%\svc.exe"
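The two indicators above (the value "System" under the HKCU Run key and the file svc.exe in the Windows system directory) are easy to check for in an exported copy of the Run key. The script below is an added example, not code from the original description or from any vendor tool: it parses a `.reg` export as produced by `reg export`, then flags Run entries matching the LdPinch.rn indicator. The sample export, the concrete system-directory paths standing in for %System%, and all function names are assumptions made for illustration.

```python
"""Scan a Windows registry export (.reg) for the LdPinch.rn autorun entry.

Example code added to this description; it is not part of the original page
or a vendor tool. The indicators (value name "System" under the HKCU Run key,
pointing at svc.exe in the Windows system directory) come from the text;
the sample export and helper names are constructed for illustration.
"""
import re
from typing import Dict, List

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
INDICATOR_VALUE_NAME = "System"   # from the description
INDICATOR_FILE = "svc.exe"        # from the description
# %System% in the description stands for the Windows system directory. These
# are its usual concrete locations (assumption: default installation paths).
SYSTEM_DIRS = ("\\windows\\system32\\", "\\winnt\\system32\\")

# Constructed sample of what `reg export HKCU\...\Run run.reg` could yield on
# an infected host. Real exports are UTF-16LE: read them with encoding="utf-16".
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"System"="C:\\WINDOWS\\system32\\svc.exe"
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
# Either "name"=data or @=data (the key's default value).
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(s: str) -> str:
    # .reg escaping: a backslash followed by any char yields that char
    # (covers the two escapes the format uses, doubled backslash and \" ).
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}}. REG_SZ data is unescaped; other
    types (hex:, dword:) are kept as raw text. Default values use the name ''."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else ""
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def executable_of(command: str) -> str:
    """Best-effort program path of a Run command line, lower-cased. Quoted
    paths run to the closing quote; otherwise the first token is used (an
    unquoted path containing spaces is truncated, which is acceptable here)."""
    cmd = command.strip().lower()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def is_ldpinch_autorun(value_name: str, data: str) -> bool:
    """True when the Run value matches the indicator from the description."""
    exe = executable_of(data)
    in_system_dir = any(d in exe for d in SYSTEM_DIRS)
    return (value_name == INDICATOR_VALUE_NAME
            and in_system_dir
            and exe.endswith("\\" + INDICATOR_FILE))


def scan_reg_export(text: str) -> List[str]:
    """Names of HKCU Run values that match the LdPinch.rn persistence entry."""
    keys = parse_reg_export(text)
    # Registry paths are case-insensitive, so match the key case-insensitively.
    run_values = next((v for k, v in keys.items() if k.lower() == RUN_KEY.lower()), {})
    return [name for name, data in run_values.items() if is_ldpinch_autorun(name, data)]


if __name__ == "__main__":
    hits = scan_reg_export(SAMPLE_REG_EXPORT)
    run_values = parse_reg_export(SAMPLE_REG_EXPORT).get(RUN_KEY, {})
    for name, data in run_values.items():
        print(("SUSPECT " if name in hits else "        ") + repr(name) + " -> " + data)
```

Note that the match is deliberately narrow: it requires the value name "System" and svc.exe located in the system directory, so a legitimate program that happens to be called svc.exe elsewhere is not flagged. Every Run entry is still listed, since an analyst should review the whole key rather than trust a single indicator.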
The Trojan harvests information about the infected system, and login names and passwords for a range of services and applications, including AOL Instant Messenger and ICQ.
This information is then sent to the remote malicious user by email.
The Trojan will also send a link pointing to its own file to all contacts in the ICQ contact list.
It also terminates a range of processes belonging to firewall and antivirus products.
Trojan-PSW programs are designed to steal user account information, such as logins and passwords, from infected computers. PSW stands for Password Stealing Ware.
When launched, a PSW Trojan searches the system files and registry locations where confidential data is stored. If such data is found, the Trojan sends it to its "master". Email, FTP, the web (including data embedded in an HTTP request), or other methods may be used to transmit the stolen data.
Some such Trojans also steal registration information for certain software programs.