Pinch Trojan Beating Signature-based Antivirus Solutions
Security company Prevx has detected a new version of a notorious Trojan dubbed 'Pinch'. The criminals behind this program have unleashed it onto the Internet to create customized Trojans capable of compromising ICQ, e-mail and other confidential data, the company explains.
The company also said that a large-scale infection was spreading on account of the Trojan in spite of the arrest of its creators a year or more ago. Reports state that the Trojan's two creators, Farkhutdinov and Ermishkin, were arrested and taken into police custody in Russia back in 2007.
Moreover, the data from Prevx reveals that over 4,000 users came in contact with the Trojan and had their computers infected on February 3, 2009.
Of these 4,000 users, 392 were from the USA, 335 from Brazil, 93 from China and 73 from the UK. In addition, of the 4,000 users infected, over 150 had antivirus software already running on their systems, implying that although the virus code had existed for a year, it was still able to evade conventional signature-based antivirus, according to the data.
Director of Malware Research at Prevx, Jacques Erasmus, states that the data reflects an interesting aspect of today's world of malware creators, as reported by SCMagazine on February 4, 2009.
Erasmus added that by just procuring the malware toolkit online and then using it to customize the variant, the Trojan's owner managed to bypass leading antivirus solutions to steal passwords, credit card numbers and other private information from end-users.
He further said that the source code of this particular Trojan had been posted on forums, so it got passed around. According to Erasmus, he has seen 2-3 variants of the malware per day being created and tested either on legitimate products or on virus-laden Internet sites.
Given Pinch's potential for multiple variants, Prevx explains that the signature-based antivirus approach is not adequate. According to the company, a complementary approach is required in which the antivirus can spot the malicious program by employing a technique that is less typical and more varied.
» SPAMfighter News - 20-02-2009