Released Crimeware Targets Business Data
Yuval Ben-Itzhak, CTO of Finjan, has warned IT managers in companies of all sizes to be on the lookout for a wave of Trojans, and to protect company IT resources and business data against this growing form of crimeware.
Ben-Itzhak's warning comes in the wake of reports of a $1,000 crimeware development kit, including a Trojan, being sold to would-be hacker criminals.
The new variant, “Prg”, researched by Finjan’s Malicious Code Research Center (MCRC) and also noted by Don Jackson of managed security specialist SecureWorks, relays sensitive data collected during employees’ online activity to hacker Web sites, using SSL-encrypted format. Finjan’s MCRC found criminals’ servers in Panama.
Jackson's research suggests that the crimeware has been modified using a Trojan development kit to listen for hacker commands on a special TCP/IP port. These commands allow the hacker to gain remote control of the compromised system. Jackson’s analysis of log files on the servers storing the stolen data found that information was coming from corporate PCs, as noted in his report.
"This trend highlights the alarming growth of crimeware toolkits being sold to criminals by hackers. Such crimeware is focusing on stealing sensitive business data and sending it back to criminals’ servers over encrypted communication channels like SSL, in order to go undetected", said Ben-Itzhak. “IT managers need to be aware of this latest evolution in crimeware, as Finjan’s research confirms that attempts to pattern malicious code and create signatures, or to categorize known malicious sites, are clearly ‘too little, too late’ when it comes to providing adequate protection to today’s dynamic and evasive Web threats. The way to detect modern malicious code is to be able to understand in real-time what the code intends to do, before it does it.”