We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,818 News Articles

Websense discovers ICMP data-stealing Trojan

Sends your details down a back passage

A Trojan has been discovered that attempts to evade detection by sending stolen data back to its creators using the ICMP (Internet Control Message Protocol) back channel. Detected by Websense, the Trojan is a conventional data-stealer up to the point it communicates back to its host.

Once a PC has become infected, the Trojan installs itself as an Internet Explorer BHO (browser helper object), and then waits quietly for the user to access one or more target online-banking websites. If a target site is accessed, it logs the field keystrokes, inserting them into the data part of ICMP ping packets after performing a simple XOR encryption routine on them.

Websense claims the effect is to make the data stream very hard to detect because ICMP is the last place one would normally look to find pilfered data. ICMP packets are normally used to send feelers out to internet hosts, for example by utilities such as Traceroute or Ping, and are a routine occurrence.

Data and password-stealing Trojans more commonly use conventional channels such as email or HTTP mail to send information out of a network or PC, but this is something that can be blocked.

Websense reports that the Trojan works, after testing it out while entering data on the SSL-based website of Deutsche bank using an infected PC. The Websense website offers an eerie screen grab of the results of this, before and after encoding by the BHO.

Despite being an old criminal pastime, the steady evolution of malware to automate phishing continues. Password stealers still plague internet users, using every technique going, while others come as a consequence of rapidly-expanding botnet networks.

From being a high-profile crime that depended on social engineering of the gullible, phishing has retreated into a world of automated botnets, and exploits based on subterfuge and stealth. Anyone suffering at the bleeding edge of an ICMP Trojan would never be aware anything was amiss until their bank account suddenly emptied one day.


IDG UK Sites

45 Best Android games: top Android games for your smartphone or tablet in 2014 (24 are free!)

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

Do you have the X-Factor too? Mix Off app puts fans in the frame

IDG UK Sites

iPad Pro release date, rumours and leaked images - 12.9 screen 'coming in 2015'