| Aliases: | Trojan.Win32.Buzus.cezu (Kaspersky), Generic PWS.y!bbb (McAfee), Infostealer (Symantec) |
| Type of infiltration: | Trojan |
| Size: | 23040 B |
| Affected platforms: | Microsoft Windows |
| Signature database version: | 4491 (20091008) |
Short description
Win32/PSW.LdPinch.NLP is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine.
Installation
The trojan does not create any copies of itself.
Information stealing
Win32/PSW.LdPinch.NLP is a trojan that steals passwords and other sensitive information.
The trojan collects information related to the following applications:
- The Bat!
- ICQ
- &RQ
- Trillian IM
- RASDIAL
- Total Commander
- Windows Commander
- Becky! Internet Mail
- Internet Explorer
- Microsoft Outlook
- Outlook Express
- CuteFTP
- E-Dialer
- Far
- WS_FTP Professional
- Opera
- Mozilla Firefox
- QIP
- Mozilla Thunderbird
- Mail.Ru
- Eudora
- Punto Switcher
- Gaim
- FileZilla
- FlashFXP
- Windows Live Messenger
- MSN Messenger
- VDialer
- SmartFTP
- CoffeeCup
- Direct FTP
- RapGet
- Rapidshare Instant Downloader
- Universal Share Downloader
- Windows Remote Desktop
- FTP Commander
The trojan collects the following information:
- operating system version
- user name
- computer name
- list of disk devices and their type
- network adapter information
- list of running processes
- current screen resolution
- installed program components under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] Registry subkeys
- CPU information
- memory status
The trojan can send the information to a remote machine.
The trojan contains a list of URLs (1 entry). The HTTP protocol is used.
Other information
The trojan interferes with the operation of some security applications to avoid detection.