A new variation of the Pinch Trojan has been detected by Prevx.
Director of malware research Jacques Erasmus claimed that the Trojan is still infecting users despite its creators being arrested more than a year ago. Data also showed that more than 4000 users had been infected yesterday from one variation.
Of the 4000 people infected, 392 are from the USA, 335 from Brazil, 93 from China and 73 from the UK. The data also shows that out of the 4000 people infected, more than 150 were already running active anti-virus software, underlining the fact that despite the source code being over a year old, it is still bypassing traditional signature-based anti-virus.
Prevx has reported the location distributing the malware to the relevant ISP, and the location has subsequently been shut down.
Erasmus said: “This data is an interesting insight into the modern world of the malware developer. By simply buying the software kit off the internet and adding a few custom tweaks, the owner of this particular variation is managing to get round major anti-virus software and stealing people's credit card details, passwords and other personal information.
“The code to create this Trojan has been on forums and passed around, I have seen two to three versions a day created and tested out, either on virus websites or on our products.”
He claimed that the Pinch Trojan has a few specific features, notably that it will infect both Internet Explorer and Firefox to monitor and collect passwords and credit card details. From a corporate perspective, it can steal technical services and remote credentials, and can log in to the network using these details.
Erasmus said: “This is only one variant of it, and there are a large number of possibilities for other versions. Anyone trying to make a business out of malware can simply get the code and give it a try.
“It just goes to underline that the signature-based approach is not enough - what is needed is a complementary anti-virus approach which can detect malware using a different technique. Only by taking this approach can people catch these latest types of malware.”
See original article on scmagazineus.com