Updated: February 13, 2007 11:37:24 AM
Type: Spyware
Publisher: ssppyy.com
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.Ssppyy runs, it performs the following actions:
- Creates the following files:
- %System%\clrprv.oo\dpserver2.dll
- %System%\clrprv.oo\register.exe
- %System%\clrprv.oo\ScrCapt.exe
- %System%\clrprv.oo\server.exe
- %System%\clrprv.oo\serverd.exe
- %System%\clrprv.oo\update.exe
Note: %System% is a variable: The spyware locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Adds the value:
"pcServer" = "%System%\clrprv.oo\server.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Allows an attacker to perform any of the following actions:
- Monitor the emails transmitted through Hotmail, Yahoo, AOL, Excite, and Outlook and forward the emails to a predefined email address.
- Download, upload, execute, and delete files.
- Steal passwords.
- Log keystrokes.
- Monitor Web sites visited and instant messaging communications.
- Capture screenshots.
- Sends the logged information to a predetermined email address.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
