Poison Ivy Compromises Computer and Accesses Stored Information

The PoisonIvy.r Trojan infiltrates computers through different online programs, harmful software and movie downloads from malicious websites. MicroWorld experts have informed that the Trojan was reportedly found in a few unprotected computers in U.K. and Netherlands, as published by Help Net Security on June 26, 2007.

With the help of a Server element of Poison Ivy, the Trojan enters the computer. Poison Ivy is a Remote Administration Utility common in use. Once the Trojan infiltrates the PC, it makes a copy of itself on the Windows Root Directory from where it executes that copy.

Poison Ivy Trojan started infecting computers in June 2006. The malware is based specifically on Poison Ivy, a high standard reverse connection and a remote administration tool capable of bypassing firewall.

The Trojan inside an affected PC alerts the Trojan creator when the infected computer connects to the Internet and facilitates access, or even full control, of the infected system to the hacker. It also steals usernames and passwords, banking and credit card details, or similar personal information stored on the system.

The old shout-out virus is disappearing with the stealthier varieties taking its place. These new viruses are sly in nature and use various methods of infection, says Govind Rammurthy, CEO of MicroWorld Technologies. The drastic change in the purposes of modern day malware writers determines the nature of the viruses and worms. They mean business and so use the computers either for spying into corporate networks or to launch various kinds of attacks online, according to news reported by Help Net Security on June 26, 2007.

While the Poison Ivy tool is undergoing development and a hacker could update server files from a remote location, making detection more complicated. An attacker who uses the backdoor via TCP channels could dig out system information, stop or restart processes, capture screenshots of the desktop, download files from the Internet and perform many other tasks.

The earliest version of this Trojan spread using documents prepared in Ichitaro, the Japanese Text Editor program. The Trojan normally spreads through e-mail attachment. The first detection of PoisonIvy.20.A was in an infected Runescape, an online multiplayer game.

» SPAMfighter News - 7/10/2007