Phishing worm installs trojan without trickery - Philadelphia Conshohocken Delaware Valley PA USA
Netforcement Header
Spacer Services Security Resources Case Studies About Contact Us

Phishing worm installs trojan without trickery

06-03-04


(Philadelphia & Conshohocken, PA)

(Philadelphia & Conshohocken, PA) The threat posed by phishing has racheted up a notch with the Korgo worm, which auto-infects unpatched Windows systems with a keylogging trojan, steals online banking information, and secretly transmits data back to the fraudsters. The worm represents an alarming advance in phishing, as it forgoes the need to trick the end-user into divulging details. Korgo uses the LSASS vulnerability to auto-infect Windows systems that haven't applied the MS04-11 patch issued April 11. Korgo's phishing activities were documented by F-Secure, a cyber security firm, which reports that the associated trojan is aggressively stealing user information from infected machines. "It does this via a keylogger which specifically collects user logins for online banks (the ones which do not use one-time passwords)," writes F-Secure's Mikko Hypponen. "It also logs everything the user types to any web form -- this will collect lots of credit card numbers, passwords etc." That information is sent to one of 11 geographically distributed Internet Relay Chat (IRC) servers, including eight different servers on the Undernet IRC network, which claims to have 45 servers in 35 countries. Source.





BACK to the Netforcement News Page.

REQUEST MORE INFORMATION On how Netforcement can help you secure the integrity of your network.

 
610.260.9989 | Request Info Privacy & Security Site Map | © 2006 Netforcement   
Footer1
Home Page Customer Login PGP Keys