New Therat.B Trojan Detected

PandaLabs has reported a new Trojan, Therat.B. This malicious code is designed to steal all types of passwords. It also has an extremely dangerous function: it can steal passwords stored by the AutoComplete feature of the user's Internet browser. When the user enters one or two characters of a username or password, this feature automatically completes it in the forms for accessing the Internet services the user uses most often.

To do this, it accesses an entry in the Windows Registry where this information is logged. Although it is encrypted, applications are available that are designed to decrypt it.

Furthermore, Therat.B has a keylogger function: it logs the keystrokes the user enters on the keyboard, which could contain information of interest to the cyber-criminal, such as user names, passwords, bank account numbers or credit card numbers, PINs, etc.

"This is yet another example of how cyber-criminals combine several functions in one malicious code to exploit each infection they cause to the full. In this case, the keylogger function has been combined with theft of information stored in certain parts of the computer. By doing this, they ensure that they get at least some confidential data from each successful attack", explains Luis Corrons, Technical Director of PandaLabs.

Once installed on the computer, the Trojan creates several files in the Windows system directory. These files include SOCKETIME.EXE, which is a copy of the Trojan, and 32THERAT.LOG, in which it stores the stolen information. This information is then sent to the cyber-criminal at a predetermined email address.

Therat.B also modifies an entry in the Windows Registry in order to ensure it is run whenever the computer is restarted.
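
A triage check for the artifacts described above, as an added PowerShell example that is not from PandaLabs or the original article. The two file names come from the article; the Run and RunOnce autorun keys are an assumption, since the article does not say which registry entry the Trojan modifies.

```powershell
# Added example: look for the Therat.B artifacts named in the article.
# File names are from the article. The autorun keys below are an ASSUMPTION:
# the article does not name the registry entry the Trojan modifies.
$names = 'SOCKETIME.EXE', '32THERAT.LOG'

# "Windows system directory": check System32 and, on 64-bit Windows, SysWOW64.
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") |
    Where-Object { Test-Path -LiteralPath $_ }

$fileHits = foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force   # -Force: include hidden files
            [pscustomobject]@{
                Path    = $item.FullName
                Size    = $item.Length
                Created = $item.CreationTimeUtc
                SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

# Common per-machine and per-user autorun locations (assumed, see above).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$regHits = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $k = Get-Item -LiteralPath $key
    foreach ($valueName in $k.GetValueNames()) {
        $data = [string]$k.GetValue($valueName)
        if ($data -match 'socketime\.exe') {             # -match ignores case
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

if ($fileHits -or $regHits) {
    Write-Warning 'Possible Therat.B artifacts found on this host.'
    $fileHits | Format-List
    $regHits  | Format-List
} else {
    'None of the Therat.B file or autorun artifacts from the article were found.'
}
```

A clean result only means these specific names are absent; it says nothing about other persistence locations or renamed copies.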

This Trojan is not designed to spread through its own means, so it needs intervention from a malicious user to do so. It could therefore be found in all types of email messages, files downloaded from the Internet or P2P networks, etc.



© 2007 Computing News