Alias: Win32/Phish-Potpor.Trojan
Category: Win32
Type: Trojan
Published Date: 2/24/2004
Last Modified: 2/25/2004
CHARACTERISTICS
Win32.Potpor is a trojan that sends spam and is designed to impersonate Visa in an attempt to phish (steal) victims' Visa card details. It is written in C and is 552,960 bytes in size.
Method of Installation
The sample of Potpor received by CA uses the filename lpconfig.exe, although the filename could vary between samples.
Potpor does not install itself on a victim's machine.
Payload
Edits Hosts file
The Hosts file contains the mappings of IP addresses to host names. On XP, 2000 and NT systems the hosts file is located at %System%\drivers\etc\hosts; on 9x systems the hosts file is located at %Windows%\hosts.
More: http://www3.ca.com/virusinfo/virus.aspx?ID=38394
