“A serious enemy” Trojan steals all personal info from user PCs

A new Trojan marked as "a serious enemy" is threatening corporate networks as it can be used as a corporate spying tool, warned the Internet security specialist BitDefender. The security vendor stated that Trojan.Spy.YEK sniffs for critical data and archives that may hold private information and sends them back to the attacker. It is a serious threat because the Trojan features both spying and backdoor capabilities, say BitDefender Malware Researchers Doina Cosovan and Octavian Minea.

"A spying malware in the local network of a company means danger and unfortunately the number of such threats is constantly increasing," the researchers said.

"With an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of meeting spots with the attacker," the researchers said.

"The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots of the ongoing processes."

Among the commands executed by Trojan.Spy.YEK are these: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sending them away, and finding files with a certain extension.

"Shortly put," the researchers said, "it uploads all the interesting data on an FTP server without the user's consent.

"The fact that it looks for all that is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEK a prime suspect of corporate espionage as it seems to target the private data of the companies".

Cosovan and Minea say that the Trojan can run, without problems, on all versions of Windows from Win 95 to 7.

"If you haven't done that already, this should be a good time to try an antivirus," they said.
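
A triage sketch built only on the behaviour the researchers describe (the windows\system32\netconf32.dll file, injection into explorer.exe, uploads to an FTP server), added here as an example and not BitDefender's code. The event schema, host names, sample events and the use of port 21 are assumptions constructed for illustration.

```python
import ntpath

# Indicators named in the article; everything else below is assumed.
DLL_NAME = "netconf32.dll"
DLL_DIR = "system32"
HOST_PROCESS = "explorer.exe"
FTP_PORT = 21  # assumption: default FTP control port, the article gives none

def _norm(path):
    """Unify separators, collapse '..' and lower-case so variants compare equal."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def is_suspect_dll(path):
    """True for <any root>\\system32\\netconf32.dll, however it is spelled."""
    parts = _norm(path).split("\\")
    return parts[-2:] == [DLL_DIR, DLL_NAME]

def triage(events):
    """Return (host, reason) pairs for events matching the article's behaviour."""
    findings = []
    for ev in events:
        proc = ntpath.basename(_norm(ev.get("image", "")))
        target = ev.get("target", "")
        if ev["type"] == "file_create" and is_suspect_dll(target):
            findings.append((ev["host"], "netconf32.dll written to system32"))
        elif ev["type"] == "image_load" and is_suspect_dll(target):
            findings.append((ev["host"], "netconf32.dll loaded by " + proc))
        elif (ev["type"] == "net_connect" and proc == HOST_PROCESS
              and ev.get("dport") == FTP_PORT):
            findings.append((ev["host"], "explorer.exe opened an FTP connection"))
    return findings

# Constructed sample events in a hypothetical schema (not a real log format).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "file_create", "image": r"C:\Temp\setup.exe",
     "target": r"C:\WINDOWS\system32\netconf32.dll"},
    {"host": "WS-01", "type": "image_load", "image": r"C:\Windows\explorer.exe",
     "target": "c:/windows/System32/../system32/NETCONF32.DLL"},
    {"host": "WS-02", "type": "image_load", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Windows\System32\netcfgx.dll"},   # similar name, benign
    {"host": "WS-02", "type": "net_connect", "image": r"C:\Tools\ftpclient.exe",
     "dport": 21},                                    # FTP, but not from explorer
    {"host": "WS-01", "type": "net_connect", "image": r"C:\Windows\explorer.exe",
     "dport": 21},
    {"host": "WS-03", "type": "file_create", "image": r"C:\Tools\backup.exe",
     "target": r"D:\backup\netconf32.dll"},           # right name, wrong folder
]

if __name__ == "__main__":
    for host, reason in triage(SAMPLE_EVENTS):
        print(host, reason)
```

Only WS-01 is flagged in the sample; the look-alike DLL name, the FTP client and the copy outside system32 are left alone.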