Experts at Sunbelt Software Inc. have recently discovered a special program that they believe is used to create new keylogger and trojan programs aimed at attacking customers of financial credit organizations worldwide.
Security experts stumbled upon this program on a website used to gather information about variants of a trojan strain known as WinLdra.
The program in question provides a very user-friendly interface for creating a completely new variant of the WinLdra trojan capable of stealing credit card numbers or online banking account information from infected computers. Moreover, this trojan can also automatically execute electronic payments to transfer money to an account controlled by the attacker. The tool for developing this trojan is extremely easy to use, even for hackers with limited experience in creating specialized trojans.
Eric Sites, Vice President of Research and Development at Sunbelt, stated that this could explain the recent “flood” of WinLdra variants on the internet over the past few months, resulting in a massive amount of stolen customer information from banks and financial credit organizations.
Until recently, the program that facilitates the creation of new WinLdra trojans was officially advertised for sale online through the website www.ratsystems.org. This website is no longer operational. The domain was owned by an individual named “Dimitry Semenov” residing in Russia.
WinLdra is primarily distributed through dangerous websites by exploiting security vulnerabilities in Microsoft’s Internet Explorer browser. Once it infects a user’s computer, this trojan can send the entire contents of Windows Protected Storage back to the attacker.
Sunbelt researchers first discovered the WinLdra trojan in August 2005 and have been tracking it ever since, uncovering a network specializing in stealing customer information from banks and financial credit organizations. However, this trojan continues to evolve and spread aggressively. The discovery of the development assistance program for this trojan is a well-deserved reward for the Sunbelt experts.
It can therefore be said that WinLdra is an extremely difficult trojan to detect, because new versions can be created very quickly and easily with minimal skill. The support program is very simple, extremely user-friendly, and easy to install.
Furthermore, the discovery of this trojan development support program also indicates that the theft of user account information from banks, financial credit organizations, or credit card numbers is becoming increasingly sophisticated with more tricks involved. This further confirms the trend driven by the financial motives of today’s hackers.