Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
New Trojan Infects Computers with Bible Verses
Barely a day goes by at ITWiser when we are not introduced to a new form of malware trying to steal personal information from computer users. Our Cloud Web Security software is being called into action again as the recommended prevention for Facebook and Yahoo! users threatened with a strange new Trojan that infects PCs with passages from the Bible.
Called GEN:VARIANT:DOWNLOADER.167, the Trojan was discovered on the website VirusTotal last week; it is infecting hundreds of computers throughout Europe as we speak. According to security researchers from BitDefender, the Facebook and Yahoo! virus has been seen infecting computers in the UK, Germany, France, Denmark, and Romania, and could be on its way to the US and Canada.
A Trojan with Manners
The virus disguises itself as an innocent, and terribly polite, message from a friend asking if it’s okay to post images on social media, and it provides seemingly legitimate links to credible sites such as Dropbox and Fileswap. However, upon clicking the links, users are infected with the unwanted malware package.
Once it has made its way onto a PC, Downloader-167 can gain access to a user’s personal information and spread to more systems by messaging friends on Facebook and through Yahoo! Messenger.
This type of Trojan is nothing new and bears the same traits as last year’s Dorkbot malware. However, the use of Biblical verses to push decryption keys is something that has not been seen before.
“Besides being wonderfully polite, the Trojan also uses biblical verses as decryption keys for its data ... research proved the Trojan hides some of its encrypted data between biblical verses. The data is eventually decrypted with numbers generated by an algorithm with a mathematical processor,” BitDefender told The Register.
The endgame of the Trojan is thought to be the distribution of malware and the stealing of data for resale on the black market.
“The final aim of the Trojan is probably to make money from reselling sensitive data ... after it's executed on the machine, the Trojan searches for a command and control centre, which may order it to download further malware and eventually send confidential data such as passwords, usernames and banking credentials directly to the attackers,” the security firm said.
If you happen to see a polite but suspicious-looking message from a friend on Facebook or Yahoo!, especially if it is someone you rarely have contact with, ignore it and get Cloud Web Security on the case immediately.