English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-PSW.Win32.PdPinch.gen

Trojan-PSW.Win32.PdPinch.gen

Detected Apr 14 2010 14:57 GMT
Released Apr 16 2010 06:09 GMT
Published Jun 01 2005 09:59 GMT

Technical Details

This family of Trojan programs steals confidential information from the victim machine, including files containing configuration details which contain passwords. Although passwords are normally saved in an encrypted form, the encryption used is very weak.

Programs from this family steal files containing settings for the following programs and services:

  • &RQ(IRQ)
  • Becky! Internet Mail
  • Cute FTP
  • EDialer
  • FAR (ftp plugin info)
  • Microsoft Outlook
  • Mirabilis ICQ
  • Miranda ICQ
  • Mozilla
  • Opera
  • The Bat!
  • Total Commander
  • Trillian Messenger
  • WS_FTP
  • RAS Windows service information

A temporary file named C:\out.bin is created, and all harvested information will be unpacked and reencrypted. The file is then sent to an email address with the message subject 'Passes from Pinch 2(<host name>)'

This family of programs has no malicious payload. The executable file is usually less than 20KB in size.



Print
Bookmark and Share
Share
Trojans
Trojan-PSW

Trojan-PSW programs are designed to steal user account information such as logins and passwords from infected computers. PSW is an acronym of Password Stealing Ware.

When launched, a PSW Trojan searches system files which store a range of confidential data or the registry. If such data is found, the Trojan sends it to its “master.” Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.

Some such Trojans also steal registration information for certain software programs.


Aliases

Trojan-PSW.Win32.PdPinch.gen (Kaspersky Lab) is also known as:

  • Trojan: Generic PWS.y!cqm (McAfee)
  • Mal/Packer (Sophos)
  • Heuristic.WinPE-Statistical (Panda)
  • W32/Heuristic-210!Eldorado (FPROT)
  • PWS:Win32/Ldpinch (MS(OneCare))
  • Trojan.PWS.LDPinch.1607 (DrWeb)
  • Win32/Kryptik.EWX trojan (Nod32)
  • Packed/FSG (VirusBuster)
  • Win32:LdPinch-BRB [Trj] (AVAST)
  • Trojan-PWS.Win32.PdPinch (Ikarus)
  • Win32/Ngvck.BQ (AVG)
  • TR/Crypt.PEPM.Gen (AVIRA)
  • Infostealer (NAV)
  • Suspicious_F.gen (Norman)
  • Trojan.PSW.Win32.LdPinch.sh (Rising)
  • Trojan-PSW.Win32.PdPinch.gen [AVP] (FSecure)
  • Mal_Bits (TrendMicro)
  • Trojan-PWS.LDPinch (Sunbelt)
  • Packed/FSG (VirusBusterBeta)

© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search