We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Websense discovers ICMP data-stealing Trojan

Sends your details down a back passage

A Trojan has been discovered that attempts to evade detection by sending stolen data back to its creators using the ICMP (Internet Control Message Protocol) back channel. Detected by Websense, the Trojan is a conventional data-stealer up to the point it communicates back to its host.

Once a PC has become infected, the Trojan installs itself as an Internet Explorer BHO (browser helper object), and then waits quietly for the user to access one or more target online-banking websites. If a target site is accessed, it logs the field keystrokes, inserting them into the data part of ICMP ping packets after performing a simple XOR encryption routine on them.

Websense claims the effect is to make the data stream very hard to detect because ICMP is the last place one would normally look to find pilfered data. ICMP packets are normally used to send feelers out to internet hosts, for example by utilities such as Traceroute or Ping, and are a routine occurrence.

Data and password-stealing Trojans more commonly use conventional channels such as email or HTTP mail to send information out of a network or PC, but this is something that can be blocked.

Websense reports that the Trojan works, after testing it out while entering data on the SSL-based website of Deutsche bank using an infected PC. The Websense website offers an eerie screen grab of the results of this, before and after encoding by the BHO.

Despite being an old criminal pastime, the steady evolution of malware to automate phishing continues. Password stealers still plague internet users, using every technique going, while others come as a consequence of rapidly-expanding botnet networks.

From being a high-profile crime that depended on social engineering of the gullible, phishing has retreated into a world of automated botnets, and exploits based on subterfuge and stealth. Anyone suffering at the bleeding edge of an ICMP Trojan would never be aware anything was amiss until their bank account suddenly emptied one day.


IDG UK Sites

Best January sales 2015 UK tech deals LIVE: Best New Year bargains and savings on phones, tablets,...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Best Photoshop Tutorials 2014: 10 inspiring step-by-step guides to creating amazing art,...

IDG UK Sites

Complete guide to iPhone and iPad settings: Get to know iOS 8 Settings UPDATED