A security firm revealed information on March 22 about one of the most complex Trojan “bots” ever programmed.
According to the firm, the Trojan has been spreading across the internet and infecting unprotected systems for several months. It is estimated that over one million computers have been infected.
The primary goal of this Trojan is still to steal users’ online banking accounts.
iDefense reported that this Trojan now has several different variants with names like “MetaFisher” and “Spy-Agent” that have been “roaming freely” for several months.
Ken Dunham, director of the iDefense rapid response team, said: “MetaFisher has infiltrated hundreds of thousands of computers and stolen millions of online banking accounts.”
This type of Trojan continues to use the familiar method of spreading via email. It exploits a security vulnerability in the Windows Metafile (WMF) format to "secretly" infiltrate users' computers when they visit malicious websites linked in emails.
Once it successfully breaches a system, this Trojan will automatically turn the “victim” PC into a “bot” – also known as a remotely controlled computer. Dunham described this as the most complex bot Trojan to date.
MetaFisher uses HTML injection techniques to trick users into providing information whenever they log into their online banking accounts.
Currently, MetaFisher is only targeting banks in Spain, the UK, and Germany, along with their customers.
Over the course of several weeks, iDefense broke the encryption used to obscure the network traffic exchanged between the bots and the systems controlling them, so that it could monitor that traffic. iDefense then passed the information to its parent company, VeriSign, which is currently working to shut down the malicious websites hosting this Trojan.
Bots are becoming one of the top tools cybercriminals use to steal users' personal financial information, and the trend is developing rapidly.