Infostealer.Ldpinch.H is a Trojan that can steal File Transfer Protocol (FTP) account details from victim and sends the gathered data to a remote computer. Author of this Trojan intend to use stolen credentials for succeeding attack. This threat can also make changes to system settings and add an entry to Windows registry.
Alias: Trojan.Win32.Pakes, Trj/Pakes.EB, Trojan.Pakes!ct, Trojan:Win32/Chksyn.gen!A, Trojan.Win32.Pakes.jwi, W32/Trojan2.DJAO, Trojan.PWS.Lich.A, Win32/PSW.Chill, Win-Trojan/Pakes.33056, TROJ_PAKES.ATE, W32/Smalltroj.FPFH, TROJ_BUZUS.MM
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
When run on the computer, this Trojan will create a .DAT file under System folder of Windows. It will also replace a legitimate userinit.exe file with a malicious copy that will able to execute itself when Windows starts. Then, it will create a bunch of registry entries that are essential to initiate its actions inside the infected PC.
Infostealer.Ldpinch.H will search the infected unit for saved File Transfer Protocol (FTP) accounts. It is capable of gathering user name and password even on encrypted data. The Trojan will send stolen credentials to an assigned web address.
This Trojan carries a payload that may be useful for author’s next planned attack. It modifies certain configuration launch the Trojan whenever the affected program is opened.
Infostealer.Ldpinch.H is a Trojan that has no capability to spread own code to other neighboring systems. Innocent user may download this type of infection from the Internet, typically on infected web site. Moreover, authors can attach a copy of this Trojan on spam email messages that will use victim’s computer to mass-mail a copy of it.