Researchers from Microsoft’s Malware Protection Center have analyzed a clever Trojan downloader dubbed TrojanDownloader:Win32/Nemim.gen!A.
Once it infects a computer, the downloader retrieves two component files: Virus:Win32/Nemim.gen!A and PWS:Win32/Nemim.A.
The first component is a file infector designed to infect executable files on removable drives, while the second component is a password stealer that can harvest passwords for email accounts set up on the system, as well as for Live Messenger, Google Talk, Google Desktop and Google Notifier.
Once these two components achieve their goals, the downloader will delete them in a manner that makes them unrecoverable. This way, the cybercriminals can make sure researchers can’t analyze their creation.
Microsoft experts advise users whose computers have been infected with this piece of malware to change all their passwords, since it’s likely that they’ve been stolen by the malware.