Discovered: March 11, 2004
Updated: March 13, 2004 5:59:42 PM
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
Trojan.Etsur is a memory-resident trojan that logs keystrokes and clipboard data. When the trojan is executed, it creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Mrvt\IDWin = [string of digits representing the time of day]
It then deletes all URLs from the Internet Explorer cache.
The trojan also creates the following file to store captured information:
%Windir%\Inites.ini
Information stored in the above file includes:
  URLs opened with Internet Explorer
  Clipboard data
  Keystrokes entered into websites with the following strings in their titles:
    e-gold
    Key
    bank
    PayPal
    Sign In
    Fleet
    Citi
The trojan then uses its own SMTP engine to send the Inites.ini file at regular intervals to an email address hardcoded into the trojan.
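
A host check for the two on-disk indicators named above (the Mrvt\IDWin registry value and %Windir%\Inites.ini), as an added example that is not part of the original write-up. The function name `Test-EtsurIndicators` and the extra WOW6432Node lookup are assumptions made for this example.

```powershell
# Added example: checks a Windows host for the two indicators named in this write-up.
# The function name and output shape are illustrative, not taken from any vendor tool.
function Test-EtsurIndicators {
    [CmdletBinding()]
    param()

    $findings = @()

    # Registry value from the write-up. The WOW6432Node path is an added assumption:
    # on 64-bit Windows a 32-bit process writing to HKLM\SOFTWARE is redirected there.
    $regPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Mrvt',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Mrvt'
    )
    foreach ($path in $regPaths) {
        $prop = Get-ItemProperty -Path $path -Name 'IDWin' -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $value = [string]$prop.IDWin
            $findings += [pscustomobject]@{
                Indicator = 'Registry'
                Location  = "$path\IDWin"
                # The write-up describes the value as a string of digits.
                Detail    = "value='$value' digitsOnly=$($value -match '^\d+$')"
            }
        }
    }

    # Capture file from the write-up: %Windir%\Inites.ini
    $logFile = Join-Path -Path $env:windir -ChildPath 'Inites.ini'
    if (Test-Path -LiteralPath $logFile -PathType Leaf) {
        # -Force so a hidden or system attribute does not hide the file from Get-Item.
        $item = Get-Item -LiteralPath $logFile -Force
        $findings += [pscustomobject]@{
            Indicator = 'File'
            Location  = $item.FullName
            Detail    = "size=$($item.Length) lastWriteUtc=$($item.LastWriteTimeUtc.ToString('u'))"
        }
    }

    return $findings
}

$result = Test-EtsurIndicators
if ($result) { $result | Format-Table -AutoSize -Wrap }
else { 'No Trojan.Etsur indicators from this write-up were found.' }
```

If Inites.ini is present it holds captured keystrokes and clipboard contents, so handle it as sensitive evidence rather than opening it on a shared system.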