PandaLabs has detected the appearance of Spymaster.A, a Trojan designed to steal all types of information from computers. It combines spyware and keylogger characteristics, enabling it to capture everything from information about users' Internet usage to user names and passwords entered for services such as online banking. Moreover, it can stealthily pass itself off as the MSN Messenger application so that users remain unaware of its dangerous presence on their systems.
As with most Trojans, Spymaster.A is not able to spread by itself, and therefore needs the intervention of a malicious user. It can reach computers as an attachment to email messages, or could be downloaded from web pages, P2P applications, instant messaging systems or infected CDs or diskettes.
After it reaches a computer, should a user run the file that contains Spymaster.A, a copy of this Trojan is created as a file called syscont.exe. The process associated to this file has the name Win servico. However, it uses a stealth system by which if the user views active processes in the task manager, they will only see it as a process supposedly corresponding to MSN Messenger. This process actually hides the actions of Spymaster.A. Similarly, it creates several Windows registry entries to ensure that it runs every time the computer starts up.
The Trojan also creates a text file called syslogy.cc. This file stores data on the programs used on the computer, web pages visited and all information entered on the keyboard. This is the file that will be sent, via FTP, to an address from which the attacker can collect it.
According to Luis Corrons, director of PandaLabs: "Keylogger Trojans are usually used by cyber-crooks to steal confidential information for fraudulent purposes. Given that, nowadays, financial gain is the main motivation for the creators of malicious code, it is almost certain that more examples will appear, and that they will be increasingly sophisticated and difficult to detect. The way that Spymaster.A hides the process in memory is a good example of this."
» New Worm Spread On P2P Networks
» AOL AIM Hit By W32.pipeline Worm
» Top Ten Cybercrime, Viruses and Spyware Of 2005
» Microsoft Releases Internet Exploer Patches
» Symantec Warns About New Windows Metafile Vulnerabilities
» Trojan Viruses On Mobile Phones
» AOL Offers New Anti-Spyware Software
» WWW or the Internet’s Most Popular Service