It harvests passwords and other data stored by Protected Storage or certain email clients, and obtains other data such as the IP address or geographic area of the affected computer. Then, it publishes the gathered information in certain servers.

Windows 2003/XP/2000/NT/ME/98/95

Sinowal.CR is a Trojan that harvests information from the affected computer, such as passwords and other data stored in Protected Storage, as well as in the email clients Ak-Mail, Eudora and The Bat, among others.

Additionally, it obtains other information such as IP address, name, geographic area, opened ports, etc.

Then, it publishes the gathered data in certain servers.

Sinowal.CR does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Sinowal.CR is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.