F1
03-26-2007, 12:08 PM
The Atlanta-based security services firm SecureWorks discovered, by way of an inquiry from one of its Windows customers, what appears to be a very sophisticated Trojan horse program. Under intense analysis, the program was discovered to be attempting to deliver users’ certificates and other identifying data to a variety of IP addresses found to be hosted in Russia.
The Trojan trips only a handful of anti-virus programs using heuristic analysis, an in-depth SecureWorks report states, including Sophos, Symantec, F-Prot, and CA’s VET. But it just slips by most other protection programs; and evidence trails uncovered by SecureWorks indicate that specifically-targeted users may have been infected as far back as December 2006.
BetaNews (http://www.betanews.com/article/Russian_Windows_Trojan_Discovered_May_Point_to_Identity_Theft_Ring/1174682579)
The Trojan trips only a handful of anti-virus programs using heuristic analysis, an in-depth SecureWorks report states, including Sophos, Symantec, F-Prot, and CA’s VET. But it just slips by most other protection programs; and evidence trails uncovered by SecureWorks indicate that specifically-targeted users may have been infected as far back as December 2006.
BetaNews (http://www.betanews.com/article/Russian_Windows_Trojan_Discovered_May_Point_to_Identity_Theft_Ring/1174682579)