This Trojan is a VBScript virus that steals user passwords from Win9x systems. The file is 977 bytes in size. The Trojan can be found on webpages.
Once a page containing the malicious code has been opened, the Trojan searches directories on the C: drive for files with a *.pwl extension. (These files are used in Win9x systems to store user passwords.)
It then uses the ActiveX object “MSMAPI.MAPISession” to send the passwords to the remote malicious user’s email address (firstname.lastname@example.org). The message will have the following subject:
“this is test for lame”
and contains the following text:
“hello my friend(c)onehalf***4:”.
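
The behaviour described above can be turned into a simple static check for saved web pages. The following is an added example, not part of the original description: it looks for the “MSMAPI.MAPISession” object, a .pwl reference and the message subject inside script blocks only. The function names and both sample pages are constructed for illustration, and the samples contain comments rather than working script.

```python
import re
from html.parser import HTMLParser

# Indicators taken from the description above; VBScript is case-insensitive.
INDICATORS = {
    "mapi_activex": re.compile(r"MSMAPI\.MAPISession", re.I),
    "pwl_reference": re.compile(r"\.pwl\b", re.I),
    "mail_subject": re.compile(r"this is test for lame", re.I),
}

# Constructed, inert samples: the script block holds VBScript comments only.
SAMPLE_FLAGGED = ('<html><script language="VBScript">\n'
                  "' names only: MSMAPI.MAPISession\n' C:\\ *.pwl\n"
                  "</script></html>")
SAMPLE_BENIGN = ("<html><body><p>This article mentions MSMAPI.MAPISession "
                 "and .pwl files.</p><script>var x = 1;</script></body></html>")

class ScriptExtractor(HTMLParser):
    """Collects the text of every <script> element on a page."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def scan_page(html):
    """Return the sorted names of indicators found inside script blocks."""
    parser = ScriptExtractor()
    parser.feed(html)
    parser.close()
    code = "\n".join(parser.scripts)
    return sorted(n for n, rx in INDICATORS.items() if rx.search(code))

def is_suspicious(html):
    """Flag a page only when the mail object and a .pwl reference co-occur."""
    hits = scan_page(html)
    return "mapi_activex" in hits and "pwl_reference" in hits
```

Restricting the search to script content keeps pages that merely describe the Trojan in their visible text from being flagged.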