| Detected | Nov 17 2002 20:00 GMT |
| Released | Nov 17 2002 20:00 GMT |
| Published | Oct 25 2006 12:18 GMT |
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file. It is written in Visual C++. The file is 14,336 bytes in size.
Once launched, the Trojan copies itself to the Windows system directory as "systemks.exe":
It then registers itself in the system registry:
This ensures that the Trojan will be launched each time Windows is booted on the victim machine.
The Trojan also creates a file called "systemks.dll" in the Windows system directory:
This file intercepts information entered via the keyboard and writes it to a log file.
The Trojan also checks whether it has already been launched by searching for a window with the title “systemks”.
The Trojan intercepts information entered via the keyboard, determines the language it has been entered in, tracks window operations and then writes this information to the following file:
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screenshots, retrieve a list of running applications, etc.). The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.
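A host check for the artifacts this description names (the two file names, the 14,336-byte executable size and the “systemks” window title), written as an added PowerShell example that is not part of the original description. The description does not show the registry key, so scanning the standard Run keys is an assumption, as is checking SysWOW64 and System alongside the system directory.

```powershell
# Added example: triage a Windows host for the artifacts named in the description.
$names   = 'systemks.exe', 'systemks.dll'
$exeSize = 14336   # size of the Trojan executable as stated in the description

# "Windows system directory" varies by Windows version and bitness (assumption: check all that exist).
$dirs = @(
    [Environment]::SystemDirectory,
    (Join-Path $env:windir 'SysWOW64'),
    (Join-Path $env:windir 'System')
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

$findings = @()

# 1. Dropped files: report each hit with its size so the .exe can be compared to 14,336 bytes.
foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden/system files
            $match = ($name -eq 'systemks.exe') -and ($item.Length -eq $exeSize)
            $findings += [pscustomobject]@{
                Type = 'File'; Location = $path
                Detail = "size=$($item.Length) bytes; matchesDescribedSize=$match"
            }
        }
    }
}

# 2. Autorun entries. The exact key is not given in the description; the standard Run keys are an assumption.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match 'systemks' -or "$($p.Value)" -match 'systemks') {
            $findings += [pscustomobject]@{ Type = 'Autorun'; Location = $key; Detail = "$($p.Name) = $($p.Value)" }
        }
    }
}

# 3. Running instance: process name or main window title "systemks".
# MainWindowTitle only covers a visible main window, so a hidden window will not show up here.
Get-Process | Where-Object { $_.ProcessName -eq 'systemks' -or $_.MainWindowTitle -eq 'systemks' } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($_.Id)"; Detail = "title='$($_.MainWindowTitle)'" }
    }

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No systemks artifacts found.' }
```

A file-name hit alone is not conclusive; treat it as a reason to hash the file and inspect it further.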