‘Hand-of-Thief’ Undergoing Construction to Become Commercially Viable; RSA
RSA, the security company, says that the banking Trojan for Linux computers known as "Hand-of-Thief," which security researchers found being sold on underground websites hosted in Russia in late July 2013, currently has little or no data-stealing capability.
Senior Security Researcher Yotam Gottesman of RSA said that the malware's stealing capabilities were extremely limited, if not absent, which gives it the character of a prototype; considerably more work would be required to turn it into a commercially significant banking Trojan. Threatpost.com reported this on September 3, 2013.
A builder is packaged with the malware, letting bot-herders create fresh variants so that "Hand-of-Thief" can be sold commercially. But in terms of what it can actually do, researchers state that the Trojan cannot yet perform web injections.
Hand-of-Thief's (HoT) developer asserts that he is about to begin work on a web-injection system. But the malware's content-stealing mechanism does not work on the Web browsers the malware apparently supports, so web injections are unlikely to work either.
When RSA ran a trial of the Trojan, it found that the malware could in fact inject itself into any browser process, although in most cases it either became inactive or crashed the browser.
Gottesman explained that on a HoT-infected computer running Firefox, the malware captured only empty requests and transmitted no data to the remote control server. With Google Chrome, however, HoT did transmit certain requests after capturing them, he indicated. Darkreading.com reported this on September 3, 2013.
However, according to RSA, the Trojan is unable to select relevant data, so it generally captures every request the browser makes, choking the server with irrelevant content.
Moreover, HoT uses a rather primitive infection technique. The exploit pack bundled with it is not as reliable as other common exploit packs. Rather than recommending a proper infection technique, the developer simply suggests sending the malicious program to victims by e-mail.
Meanwhile, Gottesman states that HoT is easy to remove by deleting the files it drops when the malware is installed.
» SPAMfighter News - 10-09-2013