When the Trojan is executed it creates the following files:
Next, the Trojan opens a back door on the compromised computer and connects to the following command-and-control (C&C) server:
It then steals contact information found on the compromised computer and sends it to the C&C server.
It saves the stolen information in the following file:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":