Posted 18 November 2006 - 02:44 PM
Discovered: November 3, 2003
Updated: November 4, 2003 03:26:39 PM PST
Also Known As: Trojan.PSW.Ldpinch.s [Kaspersky], PWSteal.Ldpinch
Type: Trojan Horse
Infection Length: 17,408 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Infostealer.Ldpinch is executed, it does the following:
1. Copies itself to %Windir%.
Note: %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
2. Adds the value:
to the registry key:
so that the Trojan runs when you start Windows.
3. Records the following information to a log file and then sends the information to the hacker at a hardcoded email address:
* User keystrokes
* System information
* User email accounts
* Passwords from the following programs:
    o Trillian ICQ&AIM