Scary trojan collecting “protected” login/password information
Here is a scary story about a new trojan that can infect PCs by exploiting IE flaws. The malware can then capture and send login credentials back to a “mothership.” Most notable is that SSL/TLS provides no protection since the data is captured before it is encrypted, and the fact that many antivirus products are slow at recognizing it.
Russian malware authors are finding new ways to steal and profit from data which used to be considered safe from thieves because it was encrypted using SSL/TLS. Originally, this analysis intended to provide insight into the mechanisms used to steal that data, but it became an investigation into the growing trend of malware sold not as a product, but as a service. Eventually it lead to an alarming find and resulted in an active law enforcement investigation.
Update: I have been reading this important article more carefully and I have prepared a summary essay.
Technorati Tags: security, SSL, trojan, malware, russian, virus
Posted: March 20th, 2007 under Security & privacy.
Comments: 2 |
3,329 views
Comments
Comment from Andrew
Time: March 23, 2007, 8:12 am
There is now a discussion about this on Slashdot.
Pingback from Andrew Patrick » One-time password security keys are here
Time: June 18, 2007, 11:44 am
[...] to conduct fraudulent transactions. These attacks are a big problem because of the huge number of Trojan programs that are circulating on the Internet. If a computer is compromised by a Trojan, then they keys [...]
Write a comment