Pinch to Create Information-stealing Trojans
A tool that creates trojans and is sold on a number of online forums is used to perform multiple strategic actions. PandaLabs has exposed this tool, called Pinch. Pinch is very simple to use and that makes it dangerous weapon. Any criminal with just basic computer skills could work with it to create a Trojan. It also does not require much time or money to create the malware, said Luis Corrons, technical director of PandaLabs. PandaSoftware published this in its news on July 18, 2007.
A key feature of Pinch is that it accepts the attacker's data specifications that trojans normally seize. An interface tab of the tool, PWD, lets the malicious user to choose the kind of password he wants the Trojan to steal. These could range from e-mail passwords to system tool passwords. The Trojan also takes orders to encrypt the stolen data before sending it so that no third person can look at it.
A parser program accompanies Pinch to enable the attacker to decrypt the stolen data and carry out the desired searches. This way, the cyber crook can conveniently find the most valuable data.
Pinch has other dangerous characteristics too, such as it is possible to exploit the tool using the WORM tab. This lets criminals to include worm features to their Trojan creations, which can then spread automatically through e-mail or by infecting files.
Pinch helps in other activities as well. It helps in converting computers into zombie PCs, add trojans to other malware, which then become more difficult to detect, and destroy specific system processes like those belonging to security solutions.
In the end, Pinch allows users to specify how the stolen data must reach the malware creator. Cyber criminals can receive the data via HTTP, SMTP or simply command the Trojan to store the stolen data in a folder on the attacked computer to regain it at a different time through a port that the Trojan opens.
The tool is wholesome that helps attackers to design information-stealing trojans of all kinds from the very simple to the very complex and treacherous ones. The worst part is that the tool is available for sale online, so any nasty user can use this tool for malicious activities, said Corrons.
» SPAMfighter News - 31-07-2007