Forum latest

New phishing Trojan found
Written by Daniel   
Wednesday, 09 August 2006 08:00
     Websense® Security Labs™ has received a sample of a new phishing Trojan that delivers stolen information back to the attacker via ICMP packets. Upon infection of a victim's computer, the Trojan will install itself as an Internet Explorer Browser Helper Object (BHO). The BHO then waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

The method of network transport used by the attacker makes this Trojan unique. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious. Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet.

To network administrators and egress filters, this ICMP packet looks like legitimate traffic leaving the network. However, the ICMP packet actually contains encoded personal information entered by a user. The attackers presumably capture this packet at their remote server, where the packet is easily decoded to reveal the information entered by the user.



See also

None found.

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either