Safe'n'Sec blocks trojan attacking bank in Netherlands
Released on = April 13, 2006, 5:29 am
Press Release Author = Olga Gorshkova, StarForce
Industry = Software
Press Release Summary = Last week Kaspersky Lab detected the first bank trojan, Trojan-PSW.Win32.Agent.ew, developed for theft of bank information. The developers of Safe'n'Sec® proactive PC protection analyzed the trojan's behavior and reached an expert conclusion: Safe'n'Sec® blocks the trojan's malicious actions.
Press Release Body = Last week Kaspersky Lab detected the first bank trojan, Trojan-PSW.Win32.Agent.ew, developed for theft of bank information. The developers of Safe'n'Sec® proactive PC protection analyzed the trojan's behavior and reached an expert conclusion: Safe'n'Sec® blocks the trojan's malicious actions.

In particular, Trojan-PSW.Win32.Agent.ew penetrated the computer network of De Postbank (Netherlands), the last large bank in the country that uses TAN codes.

A new tendency in made-to-order malware development is that cyber-criminals have turned their attention from phishing to trojan programs. The PSW (Password-Stealing-Ware) family of trojans steals various data from the infected PC, usually system passwords. After being downloaded, this malware starts searching system files for confidential content, for example telephone numbers, Internet access passwords, etc. The gathered information is sent to an e-mail address written in the trojan's code.

Trojan-PSW.Win32.Agent.ew itself starts its damaging activity by adding Internet Explorer to the Windows firewall exclusion list through creation of the registry key:

\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

All of the trojan's technical data is stored in the registry keys it creates. By creating these keys, Trojan-PSW.Win32.Agent.ew registers an Internet Explorer BHO under the name Software Installation Snapin Extenstion and then allows BHO extensions via key creation. It creates the file C:\WINDOWS\system32\msnscps.dll, which is disguised as a system file with the following properties:
Product version: 5.1.2600.2180
File version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name: Software Installation Snapin Extenstion
Product name: Microsoft® Windows® Operating System
Publisher: Microsoft Corporation
After that, the trojan starts gathering confidential data and e-mailing it to its customer.
Trojan-PSW.Win32.Agent.ew is not dangerous for a Safe'n'Sec®-protected PC: after analyzing the trojan's behavior, Safe'n'Sec® blocks the changes to system files and the addition of BHO extensions.
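The three behaviours described above (a firewall exception for Internet Explorer, a BHO registration, a DLL dropped into system32) can be expressed as behaviour rules correlated per process. This is an added example and not Safe'n'Sec® code; the event format, the process names, the BHO registry path, the trusted-installer list and the alert/block threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Firewall exception list named in the press release; the control-set prefix is
# dropped so ControlSet001 and CurrentControlSet both match.
FW_LIST = r"\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list"
# Standard Internet Explorer BHO registration key (not quoted in the press release).
BHO_KEY = r"\software\microsoft\windows\currentversion\explorer\browser helper objects"
SYSTEM32 = "c:\\windows\\system32\\"
TRUSTED_INSTALLERS = {"msiexec.exe"}  # assumption for this sketch

def classify(event):
    """Return the name of the behaviour rule an event matches, or None."""
    proc = event["proc"].lower()
    target = event["target"].lower()
    if event["op"] == "reg_write":
        if FW_LIST in target:
            return "firewall_exception"
        if BHO_KEY in target:
            return "bho_registration"
    elif event["op"] == "file_create":
        if (target.startswith(SYSTEM32) and target.endswith(".dll")
                and proc not in TRUSTED_INSTALLERS):
            return "system32_dll_drop"
    return None

def verdicts(events):
    """Correlate rule hits per process: one distinct hit alerts, two or more block."""
    hits = defaultdict(set)
    for ev in events:
        rule = classify(ev)
        if rule:
            hits[ev["proc"]].add(rule)
    return {p: ("block" if len(r) >= 2 else "alert", sorted(r)) for p, r in hits.items()}

# Constructed sample events; process names and the all-zero CLSID are placeholders.
SAMPLE_EVENTS = [
    {"proc": "dropper.exe", "op": "reg_write", "target": r"\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"},
    {"proc": "dropper.exe", "op": "file_create", "target": r"C:\WINDOWS\system32\msnscps.dll"},
    {"proc": "dropper.exe", "op": "reg_write", "target": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}"},
    {"proc": "toolbar_setup.exe", "op": "reg_write", "target": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}"},
    {"proc": "msiexec.exe", "op": "file_create", "target": r"C:\WINDOWS\system32\example.dll"},
    {"proc": "notepad.exe", "op": "file_create", "target": r"C:\Users\a\notes.txt"},
]

if __name__ == "__main__":
    for proc, (verdict, rules) in verdicts(SAMPLE_EVENTS).items():
        print(proc, verdict, rules)
```

A single rule hit is common for legitimate software (many installers register a BHO), which is why the sketch only blocks on a combination of behaviours from the same process.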
About Safe'n'Sec®
Safe'n'Sec® provides security for the PC's internal environment as well as secure Internet navigation. The program occupies minimal HDD space (20 Mb) and uses no more than 2% of processor resources, as it doesn't depend on signature updates. Being compatible with other IT security software and successfully supplementing it, Safe'n'Sec® provides constant and reliable PC protection.
PR service
Olga Gorshkova, PR Director, StarForce
127106 Russia, Moscow, Altufievskoe shosse 5/2
Phone: +7 (095) 967-1451 ext. 236
E-mail: olga.gorshkova@star-force.com
http://www.star-force.com