Jump to content

New Trojan Threat Emerges


Recommended Posts

Internet security specialist BitDefender has warned about the dangers of a new spying Trojan it describes as "a serious enemy" that can be used as a corporate spying tool.

In a statement, BitDefender says that Trojan.Spy.YEK sniffs for critical data and archives that may hold private information and sends them back to the attacker.

BitDefender Malware Researchers Doina Cosovan and Octavian Minea say that because Trojan.Spy.YEK has both spying and backdoor features, it is a serious enemy.

"A spying malware in the local network of a company means danger and unfortunately the number of such threats is constantly increasing," the researchers said.

"With an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of meeting spots with the attacker," the researchers said.

Backdoor Spyware

"The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots of the ongoing processes."

Some of the commands Trojan.Spy.YEK is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension.

"Shortly put," the researchers said, "it uploads all the interesting data on a FTP server without the user's consent.

"The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEK a prime suspect of corporate espionage as it seems to target the private data of the companies".

Cosovan and Minea say that the Trojan can run, without problems, on all versions of Windows from Win 95 to 7.

"If you haven't done that already, this should be a good time to try an antivirus," they said.

Stuxnet Follow-On

This latest warning comes in the wake of a new breed of e-threats called Stuxnet, a malicious worm that emerged in July 2010. Stuxnet is one of the first malware Trojans that targets Siemen's widely-deployed Supervisory Control and Data Acquisition, or SCADA, systems which are used to monitor automated plants - from water treatment and distribution to power generators.

At the Govware conference in Singapore in September, the Lion City's Senior Minister of State for Law & Home Affairs, Associate Professor Ho Peng Kee, warned of the "catastrophic implications" should control of such industrial systems fell into the wrong hands through the use of Stuxnet".

In October, BitDefender released a free removal tool that allows users infected with Win32.Worm.Stuxnet.

view.gif View: Original Article

Link to comment
Share on other sites

  • Replies 5
  • Views 1k
  • Created
  • Last Reply

I bet that they maded that trojan! :sneaky:

you mean BitDefender ? wouldnt be the first time

Link to comment
Share on other sites

I bet that they maded that trojan! :sneaky:

you bet?

of course they did

anyways boring news is boring.....just another news about some 'new' trojan that is said to infect a sh*tload of people, yet none of us

note: this news also hints the name of the company which made the virus.....CrapDefender.....maybe you'll view this rogueware company for what it really is....sh*t

Link to comment
Share on other sites

A virus that enables login and data retrieval to emails personal info is way easy to disable because remember hackers vs hackers always find a way to defeat a probable cause in terms of, making the best viruses that are not stoppable. I'm pretty sure this Trojan.Spy.YEK is something the corporate business world should be worried about because their servers are the 1st ones to be targeted by this dumb virus.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...