New Cimuz.EL Trojan Causes an Outbreak
A malicious code named Cimuz.EL has been circulating on the Internet for the last few days, accounting for 57% of malware, reports PandaLabs. Financialmirror published this on April 12, 2007.
Cimuz.EL, a Trojan horse, was first discovered on April 10, 2007. It affects Windows 2003/XP/2000/NT/ME/98/95. The Trojan monitors Internet traffic and steals information that users enter in web forms. It also collects some information from the user's computer, such as the IP address, and then sends all the captured data to its creator. The Trojan is not able to spread on its own.
The malicious code installs itself on the computer in stages. First, a portion of the malware operating as a downloader infects the computer. The rest of the Trojan then follows and carries out its malicious actions.
After Cimuz.EL fully installs itself on a computer system, it captures data from the infected PC. These data include e-mail, IP location, program passwords, and hardware and software data.
The Trojan also tracks users' Internet activity. To do so, it injects a DLL into the Internet Explorer browser, which lets it steal all information users key into online forms, such as bank particulars, credit card numbers, passwords and others. The Trojan then transmits the collected information to its author from time to time via a server.
Cimuz.EL needs user intervention to spread and enter the attacked computer. Its channels include floppy disks, CD-ROMs, Internet downloads, e-mails carrying attachments, IRC channels, FTP, P2P (peer-to-peer) file sharing and so on.
This malware is among the most serious threats in the Cimuz family, as is evident from its functions and speed of propagation. The fact that it is able to steal information widely, irrespective of its utility, shows the focused interest of cyber criminals in collecting as much data as they can in order to turn it into personal profit, pointed out Luis Corrons, technical director of PandaLabs. Net-security published his remark on April 12, 2007.
Since the Trojan uses various channels to spread, it is important for users not to run any attachment that comes from an unknown source, cautioned Corrons.
» SPAMfighter News - 19-04-2007