Madrid, March 21, 2008 - According to data gathered at the Infected or
Not website (http://www.infectedornot.com) this week, 25.41% of
computers with a security solution installed were infected.
"Given the vast amount of new samples of malware in circulation every
day, security laboratories are saturated and solutions can no longer be updated in time. That's why traditional solutions need to be
complemented with online tools capable of accessing a larger knowledge
base and detecting much more malicious code," explains Luis Corrons,
Technical Director of PandaLabs.
Among the thousands of malicious codes that have appeared this week, the present PandaLabs report focuses on the Bankolimb.AF Trojan and the Autorun.RS worm.
When it is run, Autorun.RS releases two files on the computer designed
to steal passwords for online games.
"The use of worms that can steal passwords, a feature more often
associated with Trojans, is a growing trend. The reason is that worms,
unlike Trojans, can spread by themselves, which represents a real
advantage for cyber-crooks", says Luis Corrons.
Theft of passwords for online games is motivated by the potential
financial returns that this can generate. In these games, there are
levels and items that can only be achieved through skill and experience.
However, many users are willing to pay for them on forums, web pages,
etc. Cyber-crooks readily profit from this situation.
The Bankolimb.AF Trojan drops several libraries on the computer, one of which is registered as a BHO (Browser Helper Object). This allows it to monitor the Internet activity of the user, monitoring when they access online bank pages, and adding fields to forms that users see on these pages, in order to collect additional information.
The Trojan captures keystrokes to steal passwords entered into these
pages. It then sends the information to its creator, uploading a file
with the data to a server.