PWS:Win32/Fignotok.A is a trojan that steals user names and passwords from particular applications, including instant messaging (IM) programs.
Upon execution, PWS:Win32/Fignotok.A may drop a copy of itself in the Windows Temporary Files folder. This copy uses a variety of file names.
It also checks whether it is being debugged and, if so, does not continue its routine.
Steals user names and passwords
PWS:Win32/Fignotok.A attempts to steal stored user names and passwords from any of the following applications:
No-IP Dynamic Update Client (DUC)
Pidgin Instant Messenger
This information is then sent to a remote attacker by posting it to several websites. In the wild, we have observed data being posted to the following domains:
Analysis by Elda Dimakiling
There are no obvious symptoms that indicate the presence of this malware on an affected machine.