Once completely installed on a system, Cimuz.EL steals and stores data about the affected computer: e-mail and other programs' passwords, hardware and software data, IP, location, etc.
This Trojan is also designed to monitor users' Internet activity. It does this by injecting a DLL in Internet Explorer. In this way, it manages to capture all the data that users enter in online forms (credit card numbers, passwords, etc.). All this information is then sent periodically to the malware creator through a server.
"The characteristics of this malware and the speed with which it is spreading make this one of the most dangerous members of the Cimuz family," explains Luis Corrons, technical director of PandaLabs. "Its ability to steal all signs of information, regardless of whether it is useful or not, highlights the interest of cyber-crooks to exploit every infection in order to gather as much data as possible.
"This Trojan cannot spread by itself, but uses numerous other channels to propagate: Internet downloads, CDs, infected memory sticks, e-mail, etc. For this reason it is essential not to run any file that arrives from unreliable sources," warns Corrons.
