New Keylogger In The Wild



Hey folks. Just thought I'd post this here since this may or may not become a larger threat.

I'm currently working with a user in the HJT section, and we came across a file that I had never seen before. There was no reference to it on Google, so I had it submitted to many experts from various security corporations and organizations. The file returned as a keylogger that tracks every keystroke you make. Then, it sends the information to a third party. Credit card and other personal info can be collected, so if infected, you have the possibility of becoming a victim of identity theft.

Normally, I wouldn't post something like this, since things of this nature are all over the place. However, just two days ago, 0/15 virus scans had a detection for this infection, and 1/15 flagged it as 'maybe malicious'. Since that time, the file has been sent to the various companies, and detection rules have been updated for some of them. Depending on how fast your AV updates its detections, you may or may not be protected. Last I checked, AVG (to name a popular one) doesn't detect this yet.

Any user infected with this needs to change all their passwords right away from a clean computer or after their computer is cleaned of the malware. They could be victims of identity theft and should put their banks/credit companies on alert, since this thing captures all keystrokes.

So, even if your AV finds it, it would be wise to change your passwords, and even perhaps alert the financial corporations you are associated with.

Like I said, the file is being sent to the various vendors, and this should be a non-issue soon. However, this is one messy piece of malware.

Safe computing,

Matt
