Trojan-to-worm toolkit helps advanced hackers go undetected

Share this article:
Researchers at Panda Labs have discovered a free toolkit that allows users to turn any executable file into a worm.

The tool, believed to originate in Spain, is simple to use and can be designed with various functionality, according to Panda. The application, known as T2W, or TrojanToWorm, can be customized to disable certain operating system components, such as Task Manager, Windows Registry Editor and web browsers.

"The scary part is that you can take existing stealth-based malware and actually make it a worm," Ryan Sherstobitoff, chief corporate evangelist for Panda Security, told SCMagazineUS.com on Wednesday. "Now you can infect hundreds of desktops. That's the really scary part. Taking something that's already really dangerous and making it self-replicate."

But experts say the application, more than anything, is a deliberate design aimed at inexperienced hackers, known as script kiddies, so more sophisticated hackers can continue to fly under the radar and commit silent but destructive data breaches.

The idea is to create as much noise as possible so corporate IT security departments get distracted dealing with these incidents, Sherstobitoff said. That is why the toolkit -- and many others like it -- is being offered for free in underground forums populated by script kiddies.

"This is a way to get their real clever attacks unseen for as long as possible," he said. "They can get away with breaching a Hannaford or a TJX and nobody will notice because they're too busy killing the script kiddies who are creating malware."

Even though the toolkit can create a worm, it is unlikely to result in a dangerous threat because most identity-theft malware is "beyond the capability of a script kiddie," Sherstobitoff said.

Sam Curry, vice president of product management for identity and access assurance at RSA, said the strategy of creating "noise" has been around for many years but only recently has the motivation turned financial.

"We're seeing a proliferation of a lot of tools," he told SCMagazineUS.com on Wednesday. "The more noise there is, the less likely someone is to get caught. If all the alarm bells in your building go off at once, where do you send the security guard?"

Curry said many of these toolkits are placed in underground forums, which are created by the most advanced cybercriminals, but frequented by low-level hackers.

"They think they're hanging with the tough crowd, but they're actually just the stool pigeons and distractions," Curry said. "It's actually pathetic in a way."
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.