‘Sophisticated’ Trojans Found In The Wild



SecurityProNews
Staff Writer
2006-03-27



Several security companies have issued warnings about two recent exploits that take advantage of weaknesses in Windows and Internet Explorer to steal user information, including passwords for access to bank accounts, email, and insurance information.

Sana Security warns of a rootkit and Trojan named rootkit.hearse that gathers user information and sends it to a server located somewhere in Russia. It appears to have been active since March 16th, tripling the amount of stolen data every day.

Found through an investigation of an in-the-wild worm named Win32 Alcra, the Trojan is hidden through rootkit technology and survives reboot, meaning it can stay on a computer indefinitely, lying dormant until authentication procedures are initiated.

The Trojan does not rely on capturing keystrokes, but finds previously used account and password information, especially through Internet Explorer's autocomplete function. It has two pieces: a driver named zopenssld.sys and a DLL file named zopenssl.dll.

Sana Labs says that if users are running Primary Response SelfConnect, their PC is already protected by the Active Malware Defense Technology v2 used in the product.

Also of major concern is a sophisticated Windows exploit that security experts call MetaFisher, which hackers have been using to send scores of emails prompting recipients to visit malicious sites where the Trojan is installed. These sites use a Windows Metafile (WMF) exploit.

Also known as Spy-Agent and PWS, it collects and sends bank account and personal information to remote servers. Security experts say this Trojan is more sophisticated than most, specifically targeting users in the UK, Spain, and Germany.

"This is one of those big, under-the-radar threats that we've been concerned about," said iDefense's Ken Dunham. "There has been a trend away from big-bang attacks to very targeted and sophisticated attacks that take place right under your nose. This is one of them."

About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
