Virus:PHISH/CrediCard
Date discovered:28/08/2008
Type:Trojan
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:694.784 Bytes
MD5 checksum:1e009d912539cbd2b679a6769b63d9d1
IVDF version:7.00.06.83 - Thursday, August 28, 2008

 General Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Steals information


Right after execution the following information is displayed:


 Backdoor Contact server:
The following:
   • http://jucre.com.br/**********/montagem.php

As a result it may send some information. This is done via the HTTP POST method using a PHP script.


Sends information about:
    • Collected information described in stealing section

 Stealing It tries to steal the following information:

–A form window is displayed as shown in the picture below:


 File details Programming language:
 The malware program was written in Delphi.

Description inserted by Andreas Feuerstein on Thursday, August 28, 2008
Description updated by Andreas Feuerstein on Thursday, August 28, 2008

Back . . . .