Phony Agent Programs in Russia Spread Information Stealing Malware

Maxim Goncharov, Advanced Threats Researcher at security company Trend Micro, wrote on the trendmicro blog on October 20, 2009 that the company's researchers over the recent weeks had come to know that the cyber-crime world of Russia had been producing newly designed information-stealing malicious software in overwhelming quantities.

The software, which comes in two versions, pretends to be agent programs like Vkontakte and Odnoklasniki that apparently used by the Russian social-networking websites. Agent programs mean those programs that certain kinds of websites use for the benefit of visitors who can log into the sites even if the browser is not on.

Goncharov said - cyber criminals or hackers, wish to capture the login details of people visiting the particular social-networking websites, would supply the phony agent programs' authors an ICQ number or an e-mail ID where the stolen credentials would be uploaded. Thereafter, it would be the responsibility of these authors to distribute their malicious software among the visitors.

Users, who download and execute the phony agents, would find an interface resembling genuine agent programs.

If they use those agents to log in, a message would appear telling them that the server link hasn't worked out. Actually, the process of capturing the credentials and their subsequent dispatch to the remote hackers takes shape through the supplied ICQ number or e-mail ID.

Trend Micro has detected this threat, according to Goncharov, as TSPY_FKANTAKTE.A, a spyware which users might inadvertently download from remote websites with the help of other malware. Characteristically, the spyware is a keystroke intercepting program that captures sensitive information such as usernames, passwords, login credentials for banking websites, etc., and then transmits the collected information to an e-mail ID that the cyber-criminals specify, Goncharov explains.

The new technique indicates that malicious software, which captures sensitive data, is becoming more and more common among cyber-criminals who can easily use them to gain monetary benefits. With stolen financial information of consumers, the criminals can make fraudulent purchases or carry out money laundering, whereas theft of confidential business data could lead to forceful extractions.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 11/2/2009