| Trojan horses are little programs that promise one thing--say, a smiley face cursor--but do another--for example, record every keystroke you make or every Web site you visit. Remote-access Trojans (RATs) open a port on your computer, sharing your personal login passwords with crackers from around the world. It's the keystroke-recording RATs that are wreaking havoc these days. If you think there are a lot of viruses out there, you're right. But there are even more Trojans floating around the Internet. One reason for the exponential growth of Trojans is their ability to capture specific information. The group HangUp Team, located in Russia, openly advertises its programming services, claiming that they will custom design a keystroke-logging RAT to defraud the bank or credit card company of your choice. Why target banks? Because that's where the money is. According to the antivirus software vendor F-Secure, the Russian HangUp Team may have engineered a recent spate of low-threat viruses known as Korgo. The Korgo virus opens a back door on your computer, then downloads the Padobot keystroke-logging RAT that captures your personal login information and, after you've completed your session, sends the information to a cracker. The cracker, posing as you, then logs in and makes a very large withdrawal from your account. Viruses containing account-stealing Trojan have been tried before, mostly in Europe. Korgo is different, however, in that, like Sasser and MSBlast, it runs automatically on Windows 2000 and XP machines connected to the Internet that are vulnerable to the LASS buffer overrun vulnerability - you don't even have to open e-mail or an attached file to become infected. If you've updated your Windows OS since April 13 with the latest security patches, you should be protected. |
