Might seem a stupid question; however, the trojan writer is believed to be German. They have posted the trojan on games programming sites that are hosted in both Germany and New Zealand and have infected people from various countries.
I raise the question as I am unsure of the way forward - does each infected person and the website owners have to make their own individual complaints or is there a general course of action; i.e. the website owners make the initial complaints?
As the forums are public-facing anyone could have downloaded the trojan and be unaware.
I am purely someone who visits the forums.
The trojan is troublesome as it is not easily detected - it has been submitted to www.virustotal.com. At the time of submission on 17/12/08 only BitDefender 7.2 and GData 19 could identify it. As of today, only AntiVir, Avast, AVG, Fortinet, K7AntiVirus and SecureWeb-Gateway (plus the first two) detect it. Basically, not many major packages can yet detect it.
On checking last night, Spybot, AdAware, Malwarebytes and a-squared don't detect it.
Basically, it is a single exe that when run splits into two parts - one is a test computer game, the other is what I assumed was the trojan; however both of the new files have 0 detection rate with www.virustotal.com - only the original exe has anything detected in it.
What we know of the trojan is it seems to harvest as many log-ins and passwords as it can get. Seems to scan Firefox to grab as much as possible and then sends them off. Also grabs Messenger logins, Microsoft Product Keys, Outlook, ISP logins; basically as much as it can get.
I am aware of a new trojan that has cropped up in December that is targeting FF users - perhaps this is a variant of it?
We think the whole purpose of this is that the culprit is selling on the information. Some forum users have noted their Gmail accounts being hijacked. Prior to this trojan being posted, at least one reports that someone from Germany was trying to hack his Steam account. We also (again prior to the trojan) became aware of a German trying to set up a complicated way of hacking one of the websites by re-hosting his own version to harvest people's logins.
I can supply further information if anyone is interested - the trojan file is still being hosted; we have the links to the online reports at www.virustotal.com for the trojan.
Anyway, the main question here is what do we do about this person? Personally, I think they should be prosecuted.