New crimeware targeting companies
The new variant, “Prg”, researched by Finjan’s Malicious Code Research Center (MCRC) and also noted by Don Jackson of managed security specialist SecureWorks, relays sensitive data collected during employees’ online activity to hacker websites, using SSL-encrypted format. Finjan’s MCRC found criminals’ servers in Panama.
Jackson’s research suggests that the crimeware has been modified using a Trojan development kit to listen for hacker commands on a special TCP/IP port. These commands allow the hacker to gain remote control of the compromised system. Jackson’s analysis of log files on the servers storing the stolen data found that information was coming from corporate PCs, as noted in his report.
“This trend highlights the alarming growth of crimeware toolkits being sold to criminals by hackers. Such crimeware is focusing on stealing sensitive business data and sending it back to criminals’ servers over encrypted communication channels like SSL, in order to go undetected”, said Yuval Ben-Itzhak, the CTO of Finjan.