Cidrex Trojan Opens E-mail Accounts on Yahoo, Gets Past CAPTCHA to Register Them
Security researchers from Websense found a fresh variant of the banking Trojan Cidrex which, in addition to infecting PCs to steal sensitive information from end-users, managed to open e-mail accounts on Yahoo by passing the CAPTCHA tests required to register them.
Essentially like Zeus in its operation, Cidrex is a family of data-stealing Trojans. It targets Web sessions, recording and altering their content in order to extract details from the affected end-user.
The most recent Cidrex sample is spread through scam e-mails containing shortened URLs that lead to the Blackhole attack toolkit. A successful attack results in Cidrex being downloaded and executed on the system.
Understandably, e-mail services on the Internet perform security checks, for example the CAPTCHA challenge, to confirm that an account is being registered by a human. However, it has been found that CAPTCHA challenges can sometimes be cracked with the help of a Web server dedicated to 'CAPTCHA cracking.' This lets the bot malware register an e-mail account after just a few attempts.
Usually, strong CAPTCHAs make it really difficult for automated tools to create accounts, yet specialists demonstrated that after merely six attempts the tool could crack the security check and open an e-mail account on Yahoo. Moreover, if an incorrect string is entered while setting up an account, the user is given many more chances until one succeeds.
The procedure for cracking the CAPTCHA involves extracting the CAPTCHA challenge image from the Web-mail registration form and sending it to the remote CAPTCHA-cracking server. The request is an HTTP POST carrying one CAPTCHA image. If the server manages to process that image, it returns a response in JSON format containing the text it read from the image.
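The traffic pattern described above (CAPTCHA image fetched, image POSTed to another server, JSON returned) can be hunted for in Web-proxy logs. The following is an added detection example, not code from Websense or the original article; the log layout, host names, time window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: hosts that serve the signup CAPTCHA image; the defender maintains this list.
CAPTCHA_HOSTS = {"captcha.webmail.example"}
WINDOW = 30     # assumed max seconds between image fetch and outbound image POST
THRESHOLD = 3   # assumed number of relays per client before it is reported

# Constructed proxy records: (epoch_s, client, method, host, request_ctype, response_ctype)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "GET", "captcha.webmail.example", "", "image/jpeg"),
    (1002, "10.0.0.5", "POST", "solver.example.invalid", "multipart/form-data; boundary=x", "application/json"),
    (1004, "10.0.0.5", "POST", "signup.webmail.example", "application/x-www-form-urlencoded", "text/html"),
    (1010, "10.0.0.5", "GET", "captcha.webmail.example", "", "image/jpeg"),
    (1012, "10.0.0.5", "POST", "solver.example.invalid", "multipart/form-data; boundary=x", "application/json"),
    (1020, "10.0.0.5", "GET", "captcha.webmail.example", "", "image/jpeg"),
    (1022, "10.0.0.5", "POST", "solver.example.invalid", "multipart/form-data; boundary=x", "application/json"),
    # A human signing up once, then uploading a photo much later: must not be flagged.
    (1100, "10.0.0.9", "GET", "captcha.webmail.example", "", "image/jpeg"),
    (1140, "10.0.0.9", "POST", "signup.webmail.example", "application/x-www-form-urlencoded", "text/html"),
    (1900, "10.0.0.9", "POST", "photos.example", "multipart/form-data; boundary=y", "application/json"),
]

def find_captcha_relays(records, window=WINDOW, threshold=THRESHOLD):
    """Return {client: [relay_host, ...]} for clients that repeatedly fetch a
    CAPTCHA image and then POST an image to a different host answering in JSON."""
    last_fetch = {}             # client -> time of its most recent CAPTCHA image fetch
    relays = defaultdict(list)  # client -> hosts the image was forwarded to
    for ts, client, method, host, req_ct, resp_ct in sorted(records):
        if method == "GET" and host in CAPTCHA_HOSTS and resp_ct.startswith("image/"):
            last_fetch[client] = ts
        elif (method == "POST" and host not in CAPTCHA_HOSTS
              and client in last_fetch and ts - last_fetch[client] <= window
              and req_ct.startswith(("image/", "multipart/form-data"))
              and resp_ct.startswith("application/json")):
            relays[client].append(host)
            del last_fetch[client]  # count each fetched image at most once
    # A single hit can be coincidence; repeated relays match the retry behaviour.
    return {c: hosts for c, hosts in relays.items() if len(hosts) >= threshold}

if __name__ == "__main__":
    for client, hosts in find_captcha_relays(SAMPLE_LOG).items():
        print(f"{client}: {len(hosts)} CAPTCHA relays to {sorted(set(hosts))}")
```
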
Significantly, researchers have seen that the websites of Twitter, Facebook and several banking services are targeted in this attack.
Furthermore, the malware also has spamming software, which uses backdoor Trojans that allow unauthorized browsing, helping to open e-mail accounts for sending spam.
» SPAMfighter News - 08-02-2012