Trojan Information
Discovery Date: 02/16/2004
Origin: Unknown
Length: 552.960 bytes
Type: Trojan
SubType: Phishing
This is a detection for a new trojan that sends out a huge amount of EMails asking the recipient update his Visa Card contact information including card number, name, expiration date and PIN.
When executed, the trojan copies itself to %windir% folder using the filename "LPCONFIG.EXE". It creates a registry key so it gets started on system boot:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "ipconfig" = c:\winnt\lpconfig.exe
The emails have these properties:
From: "VISA" [support@visa.com]
Subject: "VISA Announcement!"
To: addresses are randomly generated based on a long list of names hardcoded within the trojan.
Mailbody:
Read more:
http://vil.nai.com/vil/content/v_101028.htm

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic