Warning about a new phishing trojan line
Security experts have discovered a new trojan using a different communication procedure than other types of malware to send data to avoid detection.
The "unnamed" trojan sends stolen information back to spreaders through ICMP (Internet Control Message Protocol) procedures instead of email or HTTP procedures like other types of malware.
After successfully infecting the system, the trojan will impersonate an Internet Explorer Browser Helper Object (BHO) object and wait to steal the user's sensitive information when they enter the forms on the forms. webpage.
And instead of sending data through an email path or HTTP POST, the trojan encodes the stolen data and uses a simple XOR algorithm before putting the data into the PING ICMP datagram session. to send.
In the eyes of network administrators and data filtering devices, ICMP packets appear to be legitimate packets. However, it is in fact that the personal information of the user is encrypted. Trojans will take those packets and decrypt them from a remote server. They will get what they want.
This is the first type of trojan to use this procedure to send data. It is a proof that malicious software is becoming more and more dangerous.
Hoang Dung
- The Trojan pretends to
- Plug-in helps detect phishing websites
- Appeared a fake Google Toolbar trojan
- New Trojan threatens Windows Mobile devices
- Trojan forged Microsoft security warnings
- Appears a trojan ...
- Code for creating dangerous trojans is being sold
- Phishing website grows 166% / month
- The fake Trojan add-on Trojan is extremely dangerous
- Safe when browsing the web and downloading files
- Damage caused by phishing established a new record
- The new Trojan bypasses the virtual keyboard face