high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | July 2008 (4.31) |
| Protection available since | 12 May 2008 15:06:43 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/LdPinch-RU is a password-stealing Trojan with backdoor functionality.
Troj/LdPinch-RU attempts to steal confidential information and send it to a remote location via HTTP or email.
The information that Troj/LdPinch-RU attempts to gather includes:
- keypresses (with the aid of a dropped keylogger DLL)
- computer details
- drive and volume information
- hostname and IP address
- information (including passwords and usernames) relating to selected applications installed on the computer, including: Miranda ICQ, mirabilis ICQ, The Bat!, Trillian, Windows Commander and Total Commander
- passwords and confidential information stored by the system in 'Protected Storage'
- POP3 and IMAP server information, usernames and passwords
- FTP usernames and passwords
- RAS dial-up settings
Troj/LdPinch-RU provides a backdoor server on a pre-configured port (the default is 2050). A remote intruder will be able to connect to this port and receive command shell access.
Troj/LdPinch-RU can arrive as a result of web browsing. Certain web pages may exploit vulnerabilities associated with Microsoft Internet Explorer to silently download and install/run the Trojan without user interaction.
Troj/LdPinch-RU includes functionality to:
- steal confidential information
- access the internet and communicate with a remote server via HTTP
When Troj/LdPinch-RU is installed the following files are created:
<Temp>\bot.exe
<Temp>\pinch.exe
<System>\drivers\ntndis.exe
<System>\drivers\ntndis.sys
The files ntndis.exe, bot.exe and pinch.exe are detected as Mal/Basine-C and the file ntndis.sys is detected as Troj/RKProc-F.
|
