New phishing Trojan disguises illicit activity

Web security firm Websense has warned users of a new phishing Trojan that is able to disguise its activity.

Web security firm Websense has warned users of a new phishing Trojan that is able to disguise its activity.

The Trojan installs itself as an Internet Explorer browser helper object, then waits for the user to enter information in specific website forms, including those found on on-line banking sites.

The inputted information is then captured by the Trojan and sent to remote attackers who can use it to commit fraud.

What makes this Trojan different from others is that it sends the stolen data using ICMP packets.

Keylogging Trojans usually transmit stolen data via e-mail or HTTP POST commands, which can be more easily spotted by security software.

Websense said, “This Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet. To network administrators and filtering software, the ICMP packet looks like legitimate traffic.”

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats

Read more on IT risk management

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close