This Trojan arrives as attachment to email messages spammed by another malware or a malicious user.
It may be dropped by other malware.
It may be downloaded unknowingly by a user when visiting malicious Web sites.
This Trojan connects to the following Web site(s) to download and execute a malicious file:
It saves the downloaded file(s) as the following:
(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)
It then executes the downloaded file(s). As a result, malicious routines of the downloaded file(s) are exhibited on the affected system.
Trend Micro detects the dowloaded file as TSPY_BANKER.LMG.
This Trojan runs on Windows 98, ME, NT, 2000, XP and Server 2003.
Analysis By: Jessa De La Torre