Threat Alert - New Trojan Found by Radware ERT
August 2012 by Radware
Radware’s ERT releases a threat alert regarding a new Trojan malware that sends sensitive user information out of the organization.
Radware’s Emergency Response Team (ERT) research Lab released a threat alert regarding a newly discovered Trojan Key Logger named Admin.HLP that was detected today for the first time within one of its customer’s servers. Admin.HLP, is malicious software that monitors keystrokes on the victim’s computer, collects user passwords, credit card numbers and other sensitive information. Then it sends all the stolen data out of the organization to the attackers’ remote servers over secured HTTPS connection.
The Admin.HLP Trojan is hidden within a standard Windows help file named Amministrazione.hlp and attaches itself to emails. This standard help file does not trigger a response from anti-virus software that may be installed, and therefore it slips under the radar of standard security protection. Once the Windows help file is opened, Admin.HLP installs itself on the victim’s computer, and it starts to collect keystrokes, which over time is sent to the attackers’ remote server. In order to remain a persistent threat, Admin.HLP creates a startup file in Windows, guaranteeing that the Trojan is invoked after every restart of the computer.
Read more here :