Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Phish-Potpor (trojan)

Feb 16, 2004 5:00AM PST

Trojan Information
Discovery Date: 02/16/2004
Origin: Unknown
Length: 552.960 bytes
Type: Trojan
SubType: Phishing

This is a detection for a new trojan that sends out a huge amount of EMails asking the recipient update his Visa Card contact information including card number, name, expiration date and PIN.

When executed, the trojan copies itself to %windir% folder using the filename "LPCONFIG.EXE". It creates a registry key so it gets started on system boot:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "ipconfig" = c:\winnt\lpconfig.exe

The emails have these properties:

From: "VISA" [support@visa.com]
Subject: "VISA Announcement!"
To: addresses are randomly generated based on a long list of names hardcoded within the trojan.

Mailbody:

Read more:
http://vil.nai.com/vil/content/v_101028.htm

Discussion is locked