But that's not the real point. This is a snatch and grab. Before the window is rendered, the application will fetch the Bitcoin wallet.dat file (if it exists) from this location:
%Documents and Settings%\AppData\Roaming\Bitcoin\wallet.dat
Coinbit.A then attempts to send the wallet.dat file to a @hotmail address via a Polish SMTP server. The .pl server address is hardcoded. Reportedly, the password of the server account has been changed, so this variant is no longer effective.
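The behaviour described above gives defenders a simple correlation: a process other than the Bitcoin client reads wallet.dat and then opens an SMTP connection. The Python below is an added example, not part of the original post. The event schema, process names, hosts and 300-second window are assumptions, and the sample events are constructed.

```python
from ntpath import basename, normpath

# Assumptions: event schema, allowlist and time window are illustrative.
WALLET_SUFFIX = r"\appdata\roaming\bitcoin\wallet.dat"
SMTP_PORTS = {25, 465, 587}
ALLOWED_IMAGES = {"bitcoin.exe"}   # only the client should read the wallet
WINDOW_SECONDS = 300

def is_wallet_path(path):
    # normpath collapses doubled separators and converts "/" to "\"
    return normpath(path).lower().endswith(WALLET_SUFFIX)

def find_wallet_exfil(events, window=WINDOW_SECONDS):
    """Alert when a non-allowlisted process reads wallet.dat and the same
    process opens an SMTP connection within `window` seconds."""
    last_read = {}                 # (host, pid) -> (ts, path)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["kind"] == "file_read" and is_wallet_path(ev["target"]):
            if basename(ev["image"]).lower() not in ALLOWED_IMAGES:
                last_read[key] = (ev["ts"], ev["target"])
        elif ev["kind"] == "net_connect" and ev["dport"] in SMTP_PORTS:
            read = last_read.pop(key, None)
            if read and ev["ts"] - read[0] <= window:
                alerts.append({"host": ev["host"], "pid": ev["pid"],
                               "image": ev["image"], "wallet": read[1],
                               "smtp_port": ev["dport"]})
    return alerts

# Constructed sample events (not real telemetry).
WALLET = r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"
SAMPLE_EVENTS = [
    {"ts": 100, "host": "WS01", "pid": 4120, "kind": "file_read",
     "image": r"C:\Program Files\Bitcoin\bitcoin.exe", "target": WALLET},
    {"ts": 160, "host": "WS01", "pid": 5288, "kind": "file_read",
     "image": r"C:\Users\alice\Downloads\viewer.exe",
     "target": r"C:\Users\alice\\AppData\Roaming\Bitcoin\wallet.dat"},
    {"ts": 163, "host": "WS01", "pid": 5288, "kind": "net_connect",
     "image": r"C:\Users\alice\Downloads\viewer.exe", "dport": 25},
    {"ts": 200, "host": "WS01", "pid": 4120, "kind": "net_connect",
     "image": r"C:\Program Files\Bitcoin\bitcoin.exe", "dport": 8333},
    {"ts": 900, "host": "WS02", "pid": 700, "kind": "file_read",
     "image": r"C:\Tools\sync.exe", "target": WALLET},
    {"ts": 2000, "host": "WS02", "pid": 700, "kind": "net_connect",
     "image": r"C:\Tools\sync.exe", "dport": 587},
]

if __name__ == "__main__":
    print(find_wallet_exfil(SAMPLE_EVENTS))
```

Only the WS01 `viewer.exe` process is flagged: the client's own read is allowlisted, and the WS02 connection falls outside the window.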
Performing a search for the hardcoded @hotmail recipient e-mail address leads one to this thread at bitcoin.org's forum.
It appears the pickpocket posted links in the forum's chat application. If the forum members clicked the link and downloaded the trojan, they risked losing their wallets.
To quote a forum member:
"No doubt that sucker is going straight for your wallet.dat" "People will lose coins from this!"