PC Tools, an American company specializing in real-time spyware software, has recently warned users about a dangerous software named Keylog-sters, which has been gathering sensitive data from many countries around the world.
Keylog-sters captures screenshots of any webpage with login fields such as usernames and passwords, then saves the information as a text file, uploads it to a private FTP server, and organizes it into folders named after the countries of the monitored victims.
This is a new variant of the Trojan Keylog-sters, which first appeared about a year ago and is classified as highly dangerous. “It operates like traditional keylogging Trojans, but we have never seen a version spread this widely,” a spokesperson for PC Tools stated. “Recently, only a few hundred cases have been reported in Australia, but in the UK, the US, and other countries, the number of infected computers has reached into the thousands.”
Banks, telecommunications companies, and airlines are just a few examples of organizations that have been affected by this Trojan.
Meanwhile, F-Secure has also reported the emergence of Nyxem.E, believed to be a new variant of Nyxem.D. The Finnish security firm’s tools have recorded over half a million computer systems infected from Australia to the US, and this number continues to rise.
These large amounts of hazardous data are activated periodically on the 3rd of each month, by replacing the content in files such as .doc, .xls, .mdb, .mde, .ppt, .zip, .rar, .pdf, .psd, and .dmp on users’ machines with the string “DATA Error [47 0F 94 93 F4 K5]“. As a result, this worm affects a wide range of programs from Microsoft Word, Excel, PowerPoint, and Access to Adobe Photoshop and Acrobat.
T.N.
