Sophos

Troj/Perda-E


Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 10 September 2005 15:27:12 (GMT)
Last updated: 4 October 2005 10:27:55 (GMT)
Detected by All Sophos products

More Information

Troj/Perda-E is a password-stealing Trojan with backdoor functionality.

Troj/Perda-E attempts to steal confidential information and send it to a remote location via HTTP or email.

The information that Troj/Perda-E attempts to gather includes:

- keypresses (with the aid of a dropped keylogger DLL)
- computer details
- drive and volume information
- hostname and IP address
- information (including passwords and usernames) relating to selected applications installed on the computer, including: Miranda ICQ, Mirabilis ICQ, The Bat!, Trillian, Windows Commander and Total Commander
- passwords and confidential information stored by the system in 'Protected Storage'
- POP3 and IMAP server information, usernames and passwords
- FTP usernames and passwords
- RAS dial-up settings

Troj/Perda-E provides a backdoor server on a pre-configured port (the default is 2050). A remote intruder will be able to connect to this port and receive command shell access.

Troj/Perda-E can arrive as a result of web browsing. Certain web pages may exploit vulnerabilities associated with Microsoft Internet Explorer to silently download and install/run the Trojan without user interaction.

Troj/Perda-E includes functionality to steal confidential information.

When Troj/Perda-E is installed it creates the file \%CurrentFolder%\aspr_keys.ini.

The following registry entry is created to run Troj/Perda-E on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
stdlib
<pathname of the Trojan executable>
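
The indicators described above (the "stdlib" Run value, the aspr_keys.ini file and a listener on the backdoor port) can be checked against triage data collected from a host. The following is an added example, not Sophos code: the function names are hypothetical, the inputs are assumed to be the text output of `reg query` and `netstat -an` plus a file listing, and all sample data is constructed.

```python
import re

RUN_VALUE = "stdlib"            # Run value name given in the write-up
DROPPED_FILE = "aspr_keys.ini"  # file created on installation
DEFAULT_PORT = 2050             # default only; the port is pre-configured per sample

def check_run_key(reg_output):
    """Parse `reg query HKLM\\...\\CurrentVersion\\Run` text; return the
    data of the 'stdlib' value (the executable path) or None."""
    for line in reg_output.splitlines():
        m = re.match(r"\s+(.+?)\s+REG_(?:SZ|EXPAND_SZ)\s+(.*\S)\s*$", line)
        if m and m.group(1).lower() == RUN_VALUE:
            return m.group(2)
    return None

def find_listeners(netstat_output, port=DEFAULT_PORT):
    """Return local endpoints in LISTENING state on the given TCP port."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):
                hits.append(f[1])
    return hits

def find_dropped_file(paths):
    """Return paths whose file name is aspr_keys.ini (case-insensitive)."""
    return [p for p in paths
            if p.replace("/", "\\").rsplit("\\", 1)[-1].lower() == DROPPED_FILE]

def triage(reg_output, netstat_output, paths, port=DEFAULT_PORT):
    return {"run_value": check_run_key(reg_output),
            "listeners": find_listeners(netstat_output, port),
            "dropped_files": find_dropped_file(paths)}

# Constructed sample data (not taken from a real host or sample).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_EXPAND_SZ    %ProgramFiles%\Example\updater.exe
    stdlib    REG_SZ    C:\Example\placeholder.exe
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135       0.0.0.0:0        LISTENING
  TCP    0.0.0.0:2050      0.0.0.0:0        LISTENING
  TCP    10.0.0.5:49720    10.0.0.9:2050    ESTABLISHED
"""
SAMPLE_PATHS = [r"C:\Example\aspr_keys.ini", r"C:\Example\notes.txt"]

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_NETSTAT, SAMPLE_PATHS))
```

Because the port is configurable, a clean result on 2050 does not rule out the backdoor, and a listener on 2050 alone is not conclusive; treat the Run value and the dropped file as the stronger indicators.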
