News

PandaLabs spots killer Shark malware

PandaLabs is warning web users of the Shark 2 malware, a highly flexible tool for creating Trojans on users' PCs.

Luis Corrons, technical director at PandaLabs, said, "The Trojans created with Shark 2 are designed to steal all types of confidential information, from the type of processor used by the computer to program and bank passwords.

"Cyber-crooks can even activate users' web cams and watch what they are doing."

Corrons said one of the main dangers of the rogue program is that it allows attackers to create all kinds of malicious code without having much programming knowledge, as it offers an interface allowing cyber-crooks simply to choose the malware characteristics they want.

These characteristics include defining the server to which the malware connects to and the option for configuring the code to run on every system restart, display error messages or run other files.

It also lets users set specific actions for processes and services, such as blocking certain services or closing the user server, for instance.

Once the malware created has infected a computer, it connects to a previously specified server and displays an interface through which the malicious user can take numerous actions.

Firstly, the malware created will show data about the infected system, including the processor, Ram, anti-virus software installed, and type of browser.

Then, Shark 2 allows numerous utilities to be run on the compromised computer. This way, the cyber-crook can take action including modifying the registry or editing the host file. This can allow hackers to redirect users to phishing sites or infected pages.

Trojans created with the tool can capture screenshots, audio, and keystrokes, including password details.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy