Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    November 2012
    S M T W T F S
    « Oct   Dec »
     123
    45678910
    11121314151617
    18192021222324
    252627282930  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for November 2nd, 2012




    It appears that information theft has taken a new form: we’ve found a malware that steals image files from all drives of an affected system and then sends them to a remote FTP server.

    Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .JPG, .JPEG, and .DMP files. Both .JPG and .JPEG files pertain to file formats commonly used for images, while .DMP files are memory dump files that contain information on why a particular system has stopped unexpectedly.

    The images below show that TSPY_PIXSTEAL.A copies the files from drives C, D, and E of the affected system into it’s C:\ drive.

    Once done, it connects to an FTP server where it sends the first 20,000 files to the server. Though it appears tedious, the potential gain for cybercriminals should they be successful in stealing information is high. Information theft routines have been mostly limited to information that are in text form, thus this malware poses a whole new different risk for users. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks.

    Read the rest of this entry »

     


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice