[ news_security_news ]
Bots Hunting Bank Information
David Utter
Staff Writer
2006-03-28
 Insider Reports RSS Feed
Verisign's security research firm iDefense thinks the Metafisher bot (aka Spy-Agent and PWS) has a presence on a million computers and could leap into millions more.
The password-stealing Metafisher bot has been tracked for some time by iDefense according to an Enterprise ITPlanet report. Although iDefense has broken the encryption used by the bot for receiving FTP control commands from an attacker, it is not yet known how well iDefense's efforts to shutdown sites used by the bot have fared.
Symantec described PWSteal.Metafisher as " a Trojan horse that exploits the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability to download remote files. The Trojan also sends bank account and personal information to remote servers."
While patches exist for the flaw, there is concern that enough unpatched systems exist to worry security researchers about massive infections and attacks. Windows IT Pro posted as to why Metafisher is cause for concern:
[Ken Dunham of iDefense] said that what makes MetaFisher more dangerous than other phishing bots is its ability to use HTML injection techniques to gather sensitive financial information after a person authenticates to a targeted bank acount.
"MetaFisher has been spreading, under the radar, for months, compromising hundreds of thousands if not millions of accounts for financial fraud," said Dunham. "[It's] the most sophisticated bot to date, targeting financials in Spain, the United Kingdom, and Germany."
Symantec lists the Threat Metrics for Metafisher as low, as a patch exists and antivirus programs can detect the Trojan.
---
Tag: Metafisher |
Add to | DiggThis | Yahoo! My Web
Get all the updates in RSS: 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
