PandaLabs has detected several malicious files that exploit the latest vulnerability announced by Microsoft (MS08-067) to infect users and steal confidential data, including instant messaging passwords and login credentials used online. The vulnerability affects Microsoft Windows 2000, Windows XP and Windows Server 2003.
One particular strain of malware that exploits this security hole, the Gimmiv.A Trojan, enables its creators to take complete control of the compromised system.
Once a computer has been infected, the Trojan starts gathering the following information:
- User names and passwords entered in Web pages
- MSN Messenger passwords
- Outlook Express passwords
- System user name
- Computer name
- Patches installed
- Information about the browser
All stolen information is encrypted using the Advanced Encryption Standard (AES) and sent to a remote server.