Malware of the week: password and phone number stealers

The Ldpinch.ZO Trojan reaches computers by email or through Internet downloads. Once on the computer, it displays a list of pornographic photos in Windows Explorer. This manoeuvre is aimed at distracting the user while it drops a file onto the system that carries out the malicious actions.

The first action consists of stealing information stored by certain browsers (Firefox, Mozilla, Internet Explorer, …), FTP clients (CuteFTP, SmartFTP, …), instant messaging applications and other programs. The Trojan then sends the information by email to its creator.

Ldpinch.ZO also opens a port on the infected computer, permitting an external attacker to access a command interpreter and, consequently, to control the computer. The malicious code also allows intrusion attempts to bypass firewall warnings.

PhoneStealer.A, this week’s second Trojan, hides in a file called programs.exe.  When it infects a computer, it checks whether the PC connects to the Internet through a modem.  If so, it changes the modem’s configuration, causing the Internet connection to slow down.  

Next, PhoneStealer.A steals all the phone numbers that users store in programs such as Outlook, Messenger, etc. and sends them to its creator.

Finally, StealAll.A is a password stealer designed to steal all the information entered in web forms. It creates several files on the system, including a DLL that is injected into the Internet browser installed on the computer.

In this way, it can obtain information such as email addresses, information about the operating system, user information, logins, passwords, PINs, bank account numbers, credit card numbers, etc.  This data is stored on a server that crooks then access to collect the stolen information.  StealAll.A also gets hold of data from cookies relating to websites users visit.

