Trojan Delivered Through Social Networking Site Toolbar
Researchers at McAfee, an online security solutions provider, have discovered a fresh online threat that hides inside a legitimate social networking toolbar application. It launches an attack on the user's system to install a malicious backdoor Trojan.
In a post on McAfee's Avert Team blog on February 10, 2009, security researcher Dennis Elser notes that the newly uncovered attack targets visitors to a German site built on Web 2.0 technology. In the attack, the toolbar for StudiVZ, a student social networking site, is bundled with a variant of the already familiar Backdoor-CEP Trojan.
Elser writes that among the backdoor's various malicious capabilities, the most critical are intercepting everything that appears on the user's screen, capturing screenshots, and recording keystrokes, as reported by Security Watch on February 18, 2009. Elser adds that at first glance the deliberately modified installer appears perfectly innocuous, particularly because it does nothing visibly malicious.
Behind the scenes, however, a number of malicious activities take place, said Elser, as reported by McAfee on February 10, 2009. The installer either injects malicious code into processes already running on the system, or launches a legitimate process in a suspended state, unmaps all of the content within that process, maps new malicious content in its place, and then resumes it.
McAfee also cautions that antivirus software is unable to detect the malicious program, because it is decrypted and injected directly into memory rather than being written to the hard disk.
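The two preceding paragraphs describe a process-hollowing sequence (start a legitimate process suspended, unmap its image, write new content, resume it) that never touches the disk, which is exactly why file scanning misses it and why defenders look at behaviour instead. The following is an added example, not code from the article or from McAfee: a small state-machine detector run over a constructed API-call trace of the kind an EDR or sandbox hook would produce. The Windows API names are real, but the record format and the idea that telemetry arrives as these dicts are assumptions of this example.

```python
"""Flag a process-hollowing sequence in a constructed API-call trace.

Added example (not the article's or McAfee's code). The trace format below is
a hypothetical stand-in for EDR/sandbox hook telemetry; the API names are
real Windows APIs, but their appearance as these records is an assumption.
"""
from typing import Dict, Iterable, List, Optional, Tuple

# Stages in the order the article describes them for the target process:
# started suspended, original image unmapped, new content written, resumed.
STAGES = (
    "CREATE_SUSPENDED",      # CreateProcess called with the CREATE_SUSPENDED flag
    "NtUnmapViewOfSection",  # original image unmapped from the new process
    "WriteProcessMemory",    # replacement content written into the process
    "ResumeThread",          # suspended main thread resumed
)

# Constructed sample trace (hypothetical, not from the article).
# Each record: acting pid, API called, target pid, optional flags.
SAMPLE_TRACE = [
    # Full hollowing sequence from pid 100 against pid 200; the two extra
    # calls in the middle are real but not stages, and are simply ignored.
    {"pid": 100, "api": "CreateProcess", "target": 200, "flags": ["CREATE_SUSPENDED"]},
    {"pid": 100, "api": "NtUnmapViewOfSection", "target": 200},
    {"pid": 100, "api": "VirtualAllocEx", "target": 200},
    {"pid": 100, "api": "WriteProcessMemory", "target": 200},
    {"pid": 100, "api": "SetThreadContext", "target": 200},
    {"pid": 100, "api": "ResumeThread", "target": 200},
    # Benign: created suspended and resumed without tampering (debugger-like).
    {"pid": 300, "api": "CreateProcess", "target": 400, "flags": ["CREATE_SUSPENDED"]},
    {"pid": 300, "api": "ResumeThread", "target": 400},
    # Incomplete: writes into a suspended child but never unmaps its image.
    {"pid": 500, "api": "CreateProcess", "target": 600, "flags": ["CREATE_SUSPENDED"]},
    {"pid": 500, "api": "WriteProcessMemory", "target": 600},
    {"pid": 500, "api": "ResumeThread", "target": 600},
]


def _stage_of(rec: dict) -> Optional[str]:
    """Map one trace record to a detection stage, or None if it is irrelevant."""
    api = rec["api"]
    if api == "CreateProcess":
        return "CREATE_SUSPENDED" if "CREATE_SUSPENDED" in rec.get("flags", []) else None
    return api if api in STAGES else None


def find_hollowing(trace: Iterable[dict]) -> List[Tuple[int, int]]:
    """Return (source_pid, target_pid) pairs that completed every stage in order.

    Progress is tracked per (source, target) pair, and a stage only counts
    when it is the next one expected. A process that is merely started
    suspended and resumed, or written to without an unmap, is not flagged.
    """
    progress: Dict[Tuple[int, int], int] = {}
    flagged: List[Tuple[int, int]] = []
    for rec in trace:
        stage = _stage_of(rec)
        if stage is None:
            continue
        key = (rec["pid"], rec["target"])
        done = progress.get(key, 0)
        if done >= len(STAGES) or stage != STAGES[done]:
            continue  # already reported, or out of order for this pair
        progress[key] = done + 1
        if progress[key] == len(STAGES):
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    for src, dst in find_hollowing(SAMPLE_TRACE):
        print(f"possible process hollowing: pid {src} -> pid {dst}")
```

Requiring the stages in order is what keeps the false-positive rate down: debuggers and some installers legitimately create suspended children, and many programs call WriteProcessMemory, but only hollowing chains all four steps against one target.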
Once the installer finishes these preliminary steps, it automatically launches Internet Explorer and opens StudiVZ. With the freshly installed toolbar, along with its logos and controls, visible at the top of the browser, the user is likely to log in to the site.
By then the Backdoor-CEP Trojan has already contaminated several running processes and installed its payload to capture and record the user's keystrokes; its main purpose is to steal the credentials of StudiVZ users.
SPAMfighter News - 28-02-2009