Saturday, July 21, 2007

Pinch - Professional CyberCrime Trojan Creation

Via Net-Security.org -

PandaLabs has uncovered Pinch, a tool sold on several online forums and designed to create Trojans. The tool lets cyber-crooks define a series of malicious actions that the Trojans can take.

One of Pinch’s main features is that it allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. Also, it is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it.

...

One of the most dangerous features of Pinch can be exploited through the WORM tab, which allows criminals to add worm features to their creations, so that they can spread by their own means, infecting other files or sending themselves out by email.

Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.

Finally, Pinch lets users define the way in which stolen data must be sent to its creator. Cyber-crooks can receive data via SMTP or HTTP, or simply order the Trojan to leave stolen data in a file on the infected computer to retrieve it later on through a port opened by the Trojan itself.

Pinch is accompanied by a parser program that allows users to decrypt the reports created by the Trojan with the stolen data and perform searches in them, so that cyber-crooks can easily identify the most profitable data.
