Weekly report on viruses and intruders
Among the thousands of malicious codes that have appeared this week, the present PandaLabs report focuses on the Bankolimb.AF Trojan and the Autorun.RS worm. When it is run, Autorun.RS releases two files on the computer designed to steal passwords for online games.
The use of worms that can steal passwords, a feature more often associated with Trojans, is a growing trend. The reason is that worms, unlike Trojans, can spread by themselves, which represents a real advantage for cyber-crooks.
Theft of passwords for online games is motivated by the potential financial returns that this can generate. In these games, there are levels and items that can only be achieved through skill and experience. However, many users are willing to pay for them on forums, web pages, etc. Cyber-crooks readily profit from this situation.
The Bankolimb.AF Trojan drops several libraries on the computer, one of which is registered as a BHO (Browser Helper Object). This allows it to monitor the Internet activity of the user, monitoring when they access online bank pages, and adding fields to forms that users see on these pages, in order to collect additional information.
The Trojan captures keystrokes to steal passwords entered into these pages. It then sends the information to its creator, uploading a file with the data to a server.