PDA

View Full Version : New phishing Trojan disguises illicit activity



aabhisheksirohi
August 16th, 2006, 12:26 PM
Beware for those who use online shopping,banking sites!!

Web security firm Websense has warned users of a new phishing Trojan that is able to disguise its activity.

The Trojan installs itself as an Internet Explorer browser helper object, then waits for the user to enter information in specific website forms, including those found on on-line banking sites.

The inputted information is then captured by the Trojan and sent to remote attackers who can use it to commit fraud.

What makes this Trojan different from others is that it sends the stolen data using ICMP packets.

Keylogging Trojans usually transmit stolen data via e-mail or HTTP POST commands, which can be more easily spotted by security software.

Websense said, "This Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet. To network administrators and filtering software, the ICMP packet looks like legitimate traffic."