|Detected||Aug 02 2006 15:46 GMT|
|Released||Aug 02 2006 15:46 GMT|
|Published||Oct 03 2006 11:42 GMT|
This Trojan is designed to install other Trojan programs to the victim machine without the knowledge or consent of the user. The program itself is a Windows PE EXE file 717 488 byes in size. The file is 717,488 bytes in size.
Once launched, the Trojan extracts two Windows PE EXE files from itself. These files are saved to the Windows temporary directory as "Pinch.exe" (21 398 bytes in size, will be detected by Kaspersky Anti-Virus as Trojan-PSW.Win32.LdPinch.ato) and "icq_f.exe" (626 176 bytes in size, will be detected by Kaspersky Anti-Virus as IM-Flooder.Win32.Delf.g). Both files are then launched for execution.
Pinch.exe intercepts passwords to a range of Internet programs.
icq_f.exe floods instant messaging networks.
Every 10 seconds, the program will cause an image contained adult content to be displayed.
The Trojan is designed to give the user the impression that s/he is using a flooder program. However, at the same time a password stealing Trojan will be installed on the system.
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to: