Password-stealing Trojan cut off at source
Published: 07 Jul 2004 09:10 BST
An attempt to pinch user information from banking sites using a malicious pop-up program has been nipped in the bud, says Symantec.
Last week, security experts uncovered a Trojan horse -- dubbed PWSteal.Refest by the security software maker -- which installs itself through a pop-up advertisement when users logged onto the Web sites of any one of nearly 50 targeted banks.
Once installed, the Trojan logs the keystrokes and passwords of its victims' computers and sends the data back to a Web site listed by the program's creators.
However, this ploy was foiled as the site which was meant to harvest the stolen information was quickly shut down, said Tim Hartman, Symantec Asia-Pacific's senior technical director.
As a result, Hartman said the company did not receive any reports of information theft from its Asian customers, particularly those in the banking sector.
While the PWSteal threat appears to have been contained, its emergence reflects the trend of exploiting Internet Explorer (IE) loopholes to turn Web sites into avenues of malware dissemination.
Last month, IE flaws were blamed for two other hacking schemes, one that turned some Web sites into points of digital infection, and another that installed a toolbar on victims' computers that triggered pop-ups.
In response, Microsoft has advised users to set their IE security settings to the highest. The firm also released a patch for the IE vulnerability last Friday.
CNETAsia's Winston Chai and News.com's Robert Lemos contributed to this report.










