|Detected||Dec 29 2004 13:37 GMT|
|Released||Jul 23 2009 16:14 GMT|
|Published||Dec 29 2004 13:37 GMT|
This family of Trojans utilises spoofing technology. The Trojans themselves are contained in fake HTML pages. Messages, purportedly from banks, financial institutions, internet stores, software companies etc. are sent to users. These messages contain a link to the fake page; this link exploits the Frame Spoof vulnerability in Internet Explorer.
The Frame Spoof vulnerability is present in Internet Explorer v. 5.x and 6.x, and detailed in Microsoft Security Bulletin MS04-004. The bulletin also gives recommendations on how to recognise spoofed sites.
Once a user visits the fake site, and enters account details or personal information, these details will be sent to a malicious remote user, who will then have access to users' confidential information.
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.