Trojan detection 'bot' takes advantage of WMF errors

A security firm, on March 22, revealed information about one of the most complex 'bot' programming trojans ever.

According to the security firm, the trojan has begun to spread online and infect unprotected systems for months. An estimated more than one million computers have been infected.

The main goal of this trojan is still to steal the user's online bank account.

Security firm iDefense said the trojan is now available in various variants such as "MetaFisher" or "Spy-Agent" that has been "free to travel" for months.

Ken Dunham, director of iDefense's quick response team, said: ' MetaFisher has hacked into hundreds of thousands of computers and stolen millions of online bank accounts .'

This kind of trojan still uses the popular e-mail spread. Take advantage of the Windows Metafile security vulnerability (WMF) to make a "secret" sudden on a user's computer when they visit dangerous websites with links in emails.

Once successfully hacked into the system, the trojan will automatically turn the "victim" PC into a "bot" - also known as a remote-controlled computer. Dunham calls this the most complex trojan bot ever.

MetaFisher uses HTML injection techniques to trick the information every time a user logs into their online bank account.

Currently, MetaFisher only targets the banks of Spain, England and Germany and its customers.

iDefense has successfully unlocked the encryption technique used to mask data network traffic passing back and forth between bots and the device that controls them to conduct monitoring for several weeks. iDefense then passed on information to the parent company VeriSign - the company is closing down dangerous websites containing the trojan.

It can be said that bot is becoming one of the leading tools of cyber criminals in stealing personal financial information from users. This is a trend that is developing strongly.