Warning about a new strain of phishing trojan

Security experts have discovered a new trojan that sends data over a different communication protocol than other types of malware in order to avoid detection.

The "unnamed" trojan sends stolen information back to its distributors over ICMP (Internet Control Message Protocol) instead of email or HTTP like other types of malware.

After successfully infecting the system, the trojan poses as an Internet Explorer Browser Helper Object (BHO) and waits to steal the sensitive information users enter into forms on web pages.

Instead of sending the data by email or HTTP POST, the trojan encodes the stolen data using a simple XOR algorithm before placing it in an ICMP ping packet to send.

To network administrators and data filtering devices, the ICMP packets appear to be legitimate. In fact, they carry the user's encrypted personal information. The trojan's operators collect those packets at a remote server and decrypt them to get what they want.
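A defender can separate such packets from ordinary pings by looking at the echo payload, as in this added example (not part of the original article). It assumes the stock payloads of the Windows and Linux iputils ping tools and a single-byte XOR key; the function names and sample packets are constructed for illustration.

```python
import struct

WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # assumed stock Windows payload

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a valid ICMP message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(payload: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Build a constructed echo request (type 8) for the samples below."""
    csum = checksum(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def is_counting_tail(payload: bytes) -> bool:
    """Assumption: iputils ping sends a timestamp, then bytes counting up by one."""
    tail = payload[16:]
    return len(tail) >= 8 and all((b - a) % 256 == 1 for a, b in zip(tail, tail[1:]))

def xor_text_keys(payload: bytes) -> list:
    """Single-byte XOR keys (assumed scheme) that decode the payload to printable ASCII."""
    return [k for k in range(256) if payload and all(32 <= (b ^ k) < 127 for b in payload)]

def classify(icmp: bytes) -> str:
    """Label one ICMP message (the bytes after the IP header)."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        return "malformed"
    if icmp[0] != 8:
        return "not-echo-request"
    payload = icmp[8:]
    if payload == WINDOWS_PING or is_counting_tail(payload):
        return "default-ping"
    if xor_text_keys(payload):
        return "xor-text-candidate"
    return "non-default-payload"

SAMPLES = {  # constructed packets, not captured traffic
    "windows": build_echo(WINDOWS_PING),
    "linux": build_echo(bytes(16) + bytes(range(16, 56))),
    "encoded": build_echo(bytes(b ^ 0x5A for b in b"user=alice&pin=0000")),
    "binary": build_echo(bytes([0x00, 0xFF, 0x7F, 0x80, 0x10, 0xEE, 0x55, 0xAA])),
}

if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        print(name, classify(packet))
```

Anything other than `default-ping` is worth a closer look, since ordinary ping tools rarely send echo requests with changing, non-default payloads.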

This is the first trojan of its kind to use this protocol to send data. It is proof that malicious software is becoming more and more dangerous.

Hoang Dung

Update 13 December 2018