Security Experts Warn Computer Users Against “Tigger” Trojan

Since detection in November 2008 by iDefense, a security intelligence company, Tigger.A (also known as Syzor) has made 250,000 victims by stealing their data secretly, forcing security experts to release a warning to save people from being infected by it.

Astonishingly, Tigger.A gives hackers administrator privileges on Windows system even though these privileges are not accessible to user himself. The data-stealing malware exploits vulnerability (MS08-066) in "privilege escalation" feature of Windows which was patched by Microsoft in October 2008.

Security experts have said that this is one of the most advanced and sophistically designed malware they have come across, both in terms of disguising itself and efficiency in data-gathering operations. As per the received reports, the Trojan has the potential to attack and remove existing malware on the system such as fake security software. This feature of malware is primarily due to its stealth nature, while other malware (noisier) make user susceptible about the infection in their systems.

Moreover, security experts at French-based site SecuObs.com revealed that Tigger is so powerful that it can disable security programs, including Windows Firewall, Windows Defender, Outpost and Kaspersky. Following disable of security programs, it takes screen shots, log keystrokes, pinch passwords and steal web cookies to siege information.

iDefense further says that Tigger implants a rootkit on the targeted system even though the system is logged-in "Safe Mode".

Malware creators seemed to have designed Tigger to target specific group of computer users comprising employees or customers of stock and trading firms, said Michael Ligh, Security Analyst at iDefense, as reported by WashingtonPost on February 24, 2009. He further disclosed the list of institutions targeted by Tigger which includes Scottrade, E-Trade, TD Ameritrade, ING Direct ShareBuilder, Options XPress and Vanguard.

Ligh further said that it was unfortunate that none of the security company succeeded to track the spreading of Tigger. But there are indications that authors who developed Srizbi botnet might be involved in the creation of the malware.

Finally, the security experts said that Tigger exhibited the sophistication level malware writer reached and the urgency to adopt the multi-layered approach to security.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 3/9/2009