Win32/Spy.Agent.NYU [Threat Name]
Win32/Spy.Agent.NYU [Threat Variant Name]
Detection created: Apr 03, 2012
Signature database version: 8525
The trojan serves as a backdoor. It can be controlled remotely.
When executed, the trojan copies itself into the following location:
The trojan creates the following file:
The file is a shortcut to a malicious file.
This causes the trojan to be executed on every system start.
Win32/Spy.Agent.NYU is a trojan that steals sensitive information.
The trojan collects the following information:
- login user names for certain applications/services
- login passwords for certain applications/services
- web browser history
The following programs are affected:
- Internet Explorer
- Microsoft Outlook
- Mozilla Firefox
- Windows Live
The following information is collected:
- user name
- computer name
- operating system version
- memory status
- list of computer users
The trojan can send the information to a remote machine.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a URL address. It communicates using the TCP and HTTP protocols.
It can execute the following operations:
- log keystrokes
- watch the user's screen content
- capture screenshots
- download files from a remote computer and/or the Internet
- send files to a remote computer
- run executable files
- execute shell commands
- update itself to a newer version
- send the list of running processes to a remote computer
- terminate running processes
- send the list of disk devices and their type to a remote computer
- send the list of files on a specific drive to a remote computer
- move files
- delete files
- create folders
- simulate user's input (clicks, taps)
- capture webcam video/voice