New Trojan Threat Emerges

Internet security specialist BitDefender has warned about the dangers of a new spying Trojan it describes as "a serious enemy" that can be used as a corporate spying tool.

In a statement, BitDefender says that Trojan.Spy.YEK sniffs for critical data and archives that may hold private information and sends them back to the attacker.

BitDefender Malware Researchers Doina Cosovan and Octavian Minea say that because Trojan.Spy.YEK has both spying and backdoor features, it is a serious enemy.

"A spying malware in the local network of a company means danger and unfortunately the number of such threats is constantly increasing," the researchers said.

"With an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of meeting spots with the attacker," the researchers said.

Backdoor Spyware

"The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots of the ongoing processes."

Some of the commands Trojan.Spy.YEK is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension.

"Shortly put," the researchers said, "it uploads all the interesting data on a FTP server without the user's consent.

"The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEK a prime suspect of corporate espionage as it seems to target the private data of the companies".

Cosovan and Minea say that the Trojan can run, without problems, on all versions of Windows from Win 95 to 7.

"If you haven't done that already, this should be a good time to try an antivirus," they said.

Stuxnet Follow-On

This latest warning comes in the wake of a new breed of e-threats called Stuxnet, a malicious worm that emerged in July 2010. Stuxnet is one of the first malware Trojans that targets Siemen's widely-deployed Supervisory Control and Data Acquisition, or SCADA, systems which are used to monitor automated plants - from water treatment and distribution to power generators.

At the Govware conference in Singapore in September, the Lion City's Senior Minister of State for Law & Home Affairs, Associate Professor Ho Peng Kee, warned of the "catastrophic implications" should control of such industrial systems fell into the wrong hands through the use of Stuxnet".

In October, BitDefender released a free removal tool that allows users infected with Win32.Worm.Stuxnet.

Subscribe to the Security Watch Newsletter

Comments