Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Win32.PotPor

Feb 25, 2004 12:19AM PST

Alias: Win32/Phish-Potpor.Trojan
Category: Win32
Type: Trojan
Published Date: 2/24/2004
Last Modified: 2/25/2004

CHARACTERISTICS
Win32.Potpor is a trojan that sends spam and is designed to impersonate Visa in an attempt to phish (steal) victim's Visa card details. It is written in C and is 552,960 bytes in size.

Method of Installation
The sample of Potpor that was received by CA uses the filename lpconfig.exe, although please note that this could vary between samples.

Potpor does not install itself on a victim's machine.

Payload
Edits Hosts file
The Hosts file contains the mappings of IP addresses to host names. On XP, 2000 and NT systems the hosts file is located at %System%\drivers\etc\hosts: on 9x systems the hosts file is located at %Windows%\hosts.


More: http://www3.ca.com/virusinfo/virus.aspx?ID=38394

Discussion is locked