Home / malwarePDF  

Trojan-PSW:W32/Steam


First posted on 11 April 2009.
Source: SecurityHome

Aliases :

There are no other names known for Trojan-PSW:W32/Steam.

Explanation :

This type of trojan steals passwords and other sensitive information. It may also secretly install other malicious programs.

Additional DetailsTrojan-PSW:W32/Steam is a generic description for a family of password-stealing trojans that captures keystrokes on the infected machine and sends the collected information to the attacker(s).

Activity


Once the trojan is executed, it nstalls a keylogger program to record keystrokes entered into the infected machine. The captured information is encrypted and stored on the machine's physical drive. The trojan will then send the log file to the attacker(s).

The encrypted file can only be viewed by a built-in view if the variant creating the file is generated by a backdoor's client application. For example, a variant generated by Backdoor:W32/PoisonIvy includes a built-in viewer allowing the encrypted file to be viewed.

Some Steam variants also include the following functionalities:

• A component that monitors browser activity and only captures keystrokes entered when specific e-commerce or banking websites are visited • The ability to capture screenshots, allowing them to bypass some graphic-based security features • The ability to inject their code into a running Windows application to perform further malicious activities, such as downloading and executing other malicious files from Internet

Last update 11 April 2009

 

TOP