Updated: July 23, 2007 3:22:12 PM
Type: Spyware
Name: Stealth Chat Monitor
Version: 1.5 (build 93)
Publisher: Amplusnet
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When the program is executed, it drops the following files:
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\AIMusers.usr
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\ICQusers.usr
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\MSNusers.usr
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\Skypeusers.usr
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\SysAllDaySysMessenger.xsl
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\Sysbk.bmp
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\SysMessenger.xsl
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\SystemChatErrors.txt
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\TestEmail.xml
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\Yahoousers.usr
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\SendEmail.exe
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\SystemChatHelp.chm
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\SystemMessenger.dll
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\SystemMessenger.exe
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\SystemMessengerUninstaller.exe
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\xcacls.exe
It also creates the following folders:
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\AIM
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\ICQ
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\MSN
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\Skype
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\Users
- C:\Documents and Settings\All Users\Application Data\SystemMessenger\Logs\Yahoo
Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SystemMessenger" = "C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Application Data\SystemMessenger\SystemMessenger.dll" rdl"
It also creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\SystemMessenger
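A defender-side check for the startup entry described above, added here as an example and not part of the original write-up: it parses exported Run value data, extracts the DLL that rundll32 loads, and flags any entry pointing into the SystemMessenger folder, even if the value has been renamed. The function names and every sample entry other than the first are constructed for illustration.

```python
import re

# Install directory and Run value name taken from the write-up above.
INSTALL_DIR = r"C:\Documents and Settings\All Users\Application Data\SystemMessenger"
RUN_VALUE_NAME = "SystemMessenger"

# rundll32 command line: launcher, then a quoted or bare DLL path, then the export.
# A bare path cannot contain spaces; a "," may separate the DLL from the export.
_RUNDLL32 = re.compile(
    r'^\s*"?(?P<launcher>[^"]*?rundll32(?:\.exe)?)"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s,"]+))'
    r'[\s,]*(?P<export>[^\s,]*)',
    re.IGNORECASE,
)

def parse_rundll32(data):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = _RUNDLL32.match(data)
    if not m:
        return None
    return (m.group("quoted") or m.group("bare"), m.group("export"))

def _norm(path):
    return path.replace("/", "\\").rstrip("\\").lower()

def check_run_entries(entries):
    """entries: {value name: value data} exported from the HKLM Run key.
    Returns a list of (name, reason) findings."""
    findings = []
    prefix = _norm(INSTALL_DIR) + "\\"
    for name, data in entries.items():
        parsed = parse_rundll32(data)
        if parsed and _norm(parsed[0]).startswith(prefix):
            findings.append((name, "rundll32 loads %s (export %r)" % parsed))
        elif name.lower() == RUN_VALUE_NAME.lower():
            findings.append((name, "value name matches, data differs: " + data))
    return findings

# Constructed sample of exported Run values; the first is the entry from the write-up.
SAMPLE = {
    "SystemMessenger": r'C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Application Data\SystemMessenger\SystemMessenger.dll" rdl',
    "Renamed": r'rundll32.exe "c:\documents and settings\all users\application data\systemmessenger\SystemMessenger.dll",rdl',
    "ControlPanel": r'rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL',
    "Updater": r'"C:\Program Files\Example\updater.exe" /background',
}

if __name__ == "__main__":
    for name, reason in check_run_entries(SAMPLE):
        print(name, "->", reason)
```

Matching on the DLL path rather than only on the value name keeps the check useful when the value name differs from the one listed here.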
The program monitors chat conversations in the following clients:
It then sends the harvested information to a remote user.