Spotlightingnews

SCI/Tech

Panda Labs Warns About Spymaster.A

The malware combines spyware and keylogger characteristics

PandaLabs has detected the appearance of Spymaster.A, a Trojan designed to steal all types of information from computers. It combines spyware and keylogger characteristics, enabling it to capture everything from information about users' Internet usage to user names and passwords entered for services such as online banking. Moreover, it can stealthily pass itself off as the MSN Messenger application so that users remain unaware of its dangerous presence on their systems.

As with most Trojans, Spymaster.A is not able to spread by itself, and therefore needs the intervention of a malicious user. It can reach computers as an attachment to email messages, or could be downloaded from web pages, P2P applications, instant messaging systems or infected CDs or diskettes.

After it reaches a computer, should a user run the file that contains Spymaster.A, a copy of this Trojan is created as a file called syscont.exe. The process associated to this file has the name Win servico. However, it uses a stealth system by which if the user views active processes in the task manager, they will only see it as a process supposedly corresponding to MSN Messenger. This process actually hides the actions of Spymaster.A. Similarly, it creates several Windows registry entries to ensure that it runs every time the computer starts up.

The Trojan also creates a text file called syslogy.cc. This file stores data on the programs used on the computer, web pages visited and all information entered on the keyboard. This is the file that will be sent, via FTP, to an address from which the attacker can collect it.

According to Luis Corrons, director of PandaLabs: "Keylogger Trojans are usually used by cyber-crooks to steal confidential information for fraudulent purposes. Given that, nowadays, financial gain is the main motivation for the creators of malicious code, it is almost certain that more examples will appear, and that they will be increasingly sophisticated and difficult to detect. The way that Spymaster.A hides the process in memory is a good example of this."

Related News

» New Worm Spread On P2P Networks
» AOL AIM Hit By W32.pipeline Worm
» Top Ten Cybercrime, Viruses and Spyware Of 2005
» Microsoft Releases Internet Exploer Patches
» Symantec Warns About New Windows Metafile Vulnerabilities
» Trojan Viruses On Mobile Phones
» AOL Offers New Anti-Spyware Software
» WWW or the Internet’s Most Popular Service

User Box

» Send to friend
» Print view
» Contact Editor

Search







Posted at 09:41:54 MST (GMT -0700), Tuesday January 10th, 2006
Comments
Announcement the SpotlightingNews team Posted on Wednesday January 25th, 2006, 10:00:00 EST
We are sorry to announce that we have decided to temporarily disable the comments system from the SpotlightingNews website.

We noticed our users do like to comment and discuss on certain matters, and we added the comment system as you probably noticed or used it. However, some users have been abusing it by spamming, posting off-topic or starting flame wars.

The comment system on this website was meant to allow users to discuss on the topic, add a personal view to objective stories.

The SpotlightingNews team is currently working on a better comment system that will attempt to increase the overall level of comments.

Meanwhile, you can still have your say through our contact page.


Thank you,
The SpotlightingNews team