Troj/Sniffer-P is a Trojan for the Windows platform.
Troj/Sniffer-P monitors network traffic for email addresses. Harvested addresses are submitted to a preconfigured server using HTTP.
Troj/Sniffer-P typically consists of the following set of files:
<System>\Packet.dll
<System>\WanPacket.dll
<System>\drivers\npf.sys
<System>\msfeed.exe
<System>\sevices.exe
<System>\wpcap.dll
The files sevices.exe and msfeed.exe are detected as Troj/Sniffer-P. The file npf.sys is a clean Netgroup Packet Filter driver component of WinPcap. The other files are detected as Mal/Packer.
Troj/Sniffer-P may be used to modify the ARP table of other computers on the network of the infected computer in order to intercept network traffic, and may sniff data and inject code into packets.