This memory-resident Trojan can be downloaded from a certain Web site.
When executed, it drops a copy of itself on the affected system. It also deletes and replaces the HOSTS file with a new one named
HOSTS.PRE.
This Trojan attempts to steal sensitive user information, such as user names and passwords, from
Banamex. It then uploads all stolen information to a certain IP address.
It checks for an Internet connection by connecting to a specific Web site.
It modifies the HOSTS file to redirect users to a phishing Web site every time they access sites with certain strings in their URLs.
More...