PWS:MSIL/Lezquatel.A
First posted on 12 October 2010.
Source: SecurityHome
Aliases :
There are no other names known for PWS:MSIL/Lezquatel.A.
Explanation :
PWS:MSIL/Lezquatel.A is a password stealing trojan that steals QQ user credentials.
PWS:MSIL/Lezquatel.A displays a fake QQ login page in order to steal the infected user's credentials.
[Image: the fake login page the trojan displays]
When the affected user clicks the login key, the username, password and version of the malicious software are saved to C:\sys.sys. PWS:MSIL/Lezquatel.A uses FTP (File Transfer Protocol) to copy C:\sys.sys to the malicious host; the data transferred includes details of the affected user's username and stolen credentials, today's date and a random number on the end with a .txt file extension. Once C:\sys.sys has been sent to the remote attacker, the file is deleted. Lastly, a fake error message box is displayed.
Analysis by Michael Johnson
Last update 12 October 2010
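
The behaviour described above (create C:\sys.sys, connect out over FTP, delete the file) can be hunted for as a per-process sequence in endpoint telemetry. The sketch below is an added example, not part of the original analysis; the event schema, the 10-minute window, the default FTP port and all sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

STAGING_PATH = r"c:\sys.sys"    # staging file named in the description above
FTP_PORT = 21                    # assumption: FTP on its default control port
WINDOW = timedelta(minutes=10)   # assumption: create -> upload -> delete is quick

# Constructed events in a simplified, hypothetical schema modelled on Sysmon
# event IDs 11 (FileCreate), 3 (NetworkConnect) and 23 (FileDelete).
SAMPLE_EVENTS = [
    {"ts": "2010-10-12T09:00:01", "host": "pc1", "id": 11, "pid": 4012,
     "image": r"C:\Users\u1\sample.exe", "target": r"C:\sys.sys"},
    {"ts": "2010-10-12T09:00:03", "host": "pc1", "id": 3, "pid": 4012,
     "image": r"C:\Users\u1\sample.exe", "dest": "192.0.2.10", "dport": 21},
    {"ts": "2010-10-12T09:00:05", "host": "pc1", "id": 23, "pid": 4012,
     "image": r"C:\Users\u1\sample.exe", "target": r"C:\SYS.SYS"},
    # Benign: an FTP client that never touches the staging file.
    {"ts": "2010-10-12T09:05:00", "host": "pc2", "id": 3, "pid": 900,
     "image": r"C:\Tools\ftpclient.exe", "dest": "192.0.2.20", "dport": 21},
    # Benign: file created and deleted with no FTP connection in between.
    {"ts": "2010-10-12T09:06:00", "host": "pc3", "id": 11, "pid": 77,
     "image": r"C:\Tools\other.exe", "target": r"C:\sys.sys"},
    {"ts": "2010-10-12T09:06:02", "host": "pc3", "id": 23, "pid": 77,
     "image": r"C:\Tools\other.exe", "target": r"C:\sys.sys"},
]

def find_staging_exfil(events):
    """Alert when one process creates the staging file, opens FTP, then deletes it."""
    pending = {}   # (host, pid) -> {"created": datetime, "ftp": dest or None}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        ts = datetime.fromisoformat(ev["ts"])
        is_staging = ev.get("target", "").lower() == STAGING_PATH
        if ev["id"] == 11 and is_staging:
            pending[key] = {"created": ts, "ftp": None}
        elif key in pending and ts - pending[key]["created"] <= WINDOW:
            if ev["id"] == 3 and ev.get("dport") == FTP_PORT:
                pending[key]["ftp"] = ev["dest"]
            elif ev["id"] == 23 and is_staging:
                seen = pending.pop(key)
                if seen["ftp"]:   # deletion only matters after an FTP connection
                    alerts.append({"host": ev["host"], "pid": ev["pid"],
                                   "image": ev["image"], "ftp_dest": seen["ftp"]})
    return alerts

if __name__ == "__main__":
    for alert in find_staging_exfil(SAMPLE_EVENTS):
        print("possible credential-file exfiltration:", alert)
```

Because the file is deleted after upload, a sweep for C:\sys.sys on disk alone will miss completed thefts; the sequence has to be caught from logged events.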