When the Trojan is executed, it creates the following files:
It then injects itself into explorer.exe.
The Trojan gathers information from Outlook and Exchange accounts on the compromised computer.
It then opens a back door.
The back door allows an attacker to perform the following actions:
- Upload, download, and run data
- Execute commands using a shell
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":