The Trojan may arrive on the compromised computer through a compromised website or third party software.
When the Trojan is executed, it modifies the following file:
The Trojan modifies the hosts file on the compromised computer so that when a user requests a certain website they are redirected to a malicious site in order to carry out a phishing attack.
The following websites are targeted in this attack:
The Trojan may also download additional malware from compromised websites.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":