Win32/Alemod is a family of data-stealing trojans. An installation of Win32/Alemod includes a trojan dropper and three files that the dropper installs: a dynamic-link library (DLL), a program that displays a Web-shortcut icon in the taskbar notification area, and a partial-uninstaller program. The trojan dropper infects the Windows system file wininet.dll in order to capture data from outgoing user web traffic. Win32/Alemod transmits the captured user data to other websites and places a hypertext link and other shortcuts to potentially malicious websites on the user desktop. Microsoft detects the infected wininet.dll file as Win32/Nsag.