Date Discovered: 3/6/2004
Date Added: 3/24/2004
Length: 80,384 bytes
This detection is for a Win32 keylogging trojan written in Borland Delphi. It bears the following characteristics:
it is intended to log keystrokes on the victim machine
it contains its own SMTP engine to email the logged data to the hacker
the threat is likely to be received via a spammed email message encouraging the recipient to click on a link. This directs the recipient to a web page which contains a script trojan (most likely VBS/Inor) intended to drop the keylogging trojan on the victim machine.
The trojan logs keystrokes together with the window title of the application in which the keystrokes were entered.
Indications of Infection
Existence of the files/Registry key detailed below.
Unexpected outgoing SMTP traffic (port 25) to: