When the Trojan is executed, it creates the following files:
Next, the Trojan connects to the following remote location in order to report that the computer has been successfully compromised:
The [UUID] is an identifier unique to each version of the Trojan.
The Trojan then monitors network traffic and redirects transactions on certain online banking sites.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":