Trojans rise in the virus war
By Matt Whipp
Posted on 12 Mar 2004 at 12:25
Net users are facing a Trojan wave as hackers seek ways into victims' bank accounts.
The war of the worms may have diverted attention to the NetSkys, Bagles and MyDooms, but make no mistake: a recent surge of Trojans has its collective eyes on your bank account and personal information.
'There's no doubt that we are seeing an increase in interest amongst the malware writing community in Trojan horses and hacking into remote computers. It is more and more common today to find a piece of malware has a "phishing" payload designed to steal confidential data from the infected computer,' said Graham Cluley, senior technology consultant at Sophos. The company has issued alerts for five new Trojans in the last couple of days, with more discovered today.
For example, the latest, LDPinch-G, steals information on the infected computer's OS version, memory, CPU and so on; available drives (drive letter, type and free space); hostname and IP address; Windows folder volume information; installation details and data stored in the registry for selected software, including ICQ and Trillian; passwords and confidential information from 'Protected Storage'; POP3 and IMAP server information, usernames and passwords; FTP usernames and passwords; and RAS dial-up settings. It then sends all of this back to the remote hacker.
'Once a backdoor has been placed on a computer, not only can information be stolen but in many cases the computer can be exploited for other purposes - such as sending spam. Something like 30 per cent of all spam is being sent unwittingly from innocent computers that have been compromised,' he warned. 'And some Trojans are being actively spammed out.'
The Trojans are mass-mailed by the thousands, rather than relying on the self-mailing abilities of a worm. 'A worm is too obvious,' said Cluley, as the media attention given to MyDoom, for example, meant that it didn't take long for the public to start recognising it. Instead the attackers rely on the same business model as spammers: the more you send out, the greater the likelihood of infections. 'Even if only 0.01 per cent run the Trojan, it can still be worthwhile,' said Cluley.
And they are using an array of methods to entice victims to run them. Bereb-B, for example, claims to be an Xbox emulator that will let you play Xbox games on your computer.
Small-Al captures keypresses when the user visits websites whose browser title bar contains the names of commonly used banks and banking systems.
'It really highlights the need not just for antivirus on the desktop but also a personal firewall,' concluded Cluley.
For more information, visit the Sophos website.
