The Trojan may arrive on the computer by way of a Trojanized program.
When the Trojan is executed, it checks for installed versions of Tencent QQ and, if found, pops up a fake Tencent QQ login screen.
If the user enters login data, the Trojan creates the following file:
The Trojan then steals the following information from the compromised computer:
- Tencent QQ account number
- Tencent QQ password
The Trojan sends the stolen information to the following location:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":