Please patch your PCs against this new crap...
http://www.eweek.com/article2/0,1895,2172516,00.asp
Trojans getting user information from major jobsites.....
- hij-h-acker
- suck-o-fied!
- Posts: 91
- Joined: 24 Feb 2007, 17:00
- 17
PRG trojan
http://www.secureworks.com/research/thr ... =prgtrojan
<edited from article>
Prg Trojan Avoids SSL Encryption
We found that the Prg variant, as well as the original wnspoem Trojan, share the ability to sniff sensitive data from Windows internal memory buffers before it's encrypted and sent to SSL-protected web sites.
Research into the origin of this malware revealed that it is being sold to multiple groups who are carrying out attacks simultaneously.
One group names their attacks using the letter "H" and uses e-mail to spam the Trojan to unsuspecting users. Once the user opens the email and clicks on the enclosed link or attachment, they are infected. One of the most recent Prg emails had a subject line reading: "HAPPY FATHER’S DAY, someone special has sent you a greeting." This group's attacks sent data back to servers in the Russian IP address space.
Another group names their attacks after makes of cars ("Ford," "Bugatti," and "Mercedes"), and spread their versions of the Trojan by exploiting vulnerabilities in the ADODB and other components of Windows and Internet Explorer; it reports back to servers in both the United States and China.
<end>
Actual PRG study in 2006 on the PRG trojan, everything you'll need...
http://www.securescience.net/FILES/secu ... eStudy.pdf
DNR
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
hmmm....the prg trojan seems not to be widely spread, and imo it is not more dangerous than any other trojan....it doesn't even have the ability to hide its task; its process can be found as ntos.exe in Task Manager (again I take this opportunity to recommend Process Explorer as a replacement for the MS Task Manager).
so it's not really something to worry about, and any AV should be able to identify it already....but security paranoids can use this little tool to check for an infection; simply run it in the command line...
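The process-name check bad_brain describes, as an added example (this is not the tool from the post, which is not reproduced on the page, nor code from SecureWorks or Secure Science). It assumes a modern PowerShell with Get-CimInstance and Get-FileHash available, and it only matches the process name quoted above; the image path and SHA256 are collected so a hit can be handed to an AV vendor rather than judged by name alone, since a filename is a weak indicator either way.

```powershell
# Added example: look for a running process named ntos.exe (the name quoted in
# the post above) and report where its image lives and its SHA256 hash.
# Assumptions: PowerShell 4+ (Get-FileHash), run from an account that can read
# the image file. A name match is a reason to look closer, not proof of
# infection: both a clean binary and malware can be renamed.

$suspectName = 'ntos.exe'   # process name from the post; adjust if a variant is reported

# Win32_Process exposes the image path and command line, unlike Get-Process
# on older hosts, so it is used here for the extra context.
$hits = Get-CimInstance Win32_Process |
    Where-Object { $_.Name -ieq $suspectName }

if (-not $hits) {
    Write-Output "No running process named $suspectName."
    return
}

foreach ($p in $hits) {
    $path = $p.ExecutablePath
    $hash = if ($path -and (Test-Path -LiteralPath $path)) {
        (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } else {
        'n/a'   # path unreadable or not reported (e.g. insufficient rights)
    }

    # One record per match; pipe to Export-Csv or Format-List as needed.
    [pscustomobject]@{
        PID         = $p.ProcessId
        ParentPID   = $p.ParentProcessId
        Path        = $path
        SHA256      = $hash
        CommandLine = $p.CommandLine
    }
}
```

If a hit shows an image outside the expected Windows directories, or a hash your AV vendor does not recognise, that is the point at which to submit the sample rather than trust the name check either way.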