Threat of the month: LDPinch

July 30, 2007

What is it?

LDPinch is a family of Windows spyware programs that can steal data via a keystroke logger and tie it to applications such as email, FTP, chat clients and websites. The malware can send the captured data to a website via an HTTP POST or via email messages.
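The HTTP POST channel described above is one place a defender can look for this family on the network side. The following is an added example, not code from the original article: it parses a few constructed proxy log lines (the log format, host names, addresses and allowlist are all assumptions made for the example) and flags POST requests that go to hosts outside a known-good list or that carry no browser User-Agent, then groups the flagged clients by destination so that several machines posting to the same unknown host stand out.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample proxy log (not a real capture). Fields are:
# timestamp client_ip method url request_body_bytes user_agent
SAMPLE_LOG = """\
2007-07-30T10:01:02 10.0.0.5 GET http://intranet.example.test/home 0 Mozilla/4.0
2007-07-30T10:01:07 10.0.0.5 POST http://mail.example.test/send 2048 Mozilla/4.0
2007-07-30T10:02:15 10.0.0.5 POST http://203.0.113.10/upload 512 -
2007-07-30T10:02:16 10.0.0.9 POST http://203.0.113.10/upload 498 -
2007-07-30T10:03:40 10.0.0.9 GET http://www.example.test/news 0 Mozilla/4.0
"""

# Assumed list of hosts the organisation expects to receive POSTs (example values).
ALLOWED_POST_HOSTS = {"mail.example.test", "intranet.example.test"}
# User-Agent prefixes treated as "a browser sent this"; anything else is suspect.
BROWSER_PREFIXES = ("Mozilla/", "Opera/")


@dataclass
class LogEntry:
    ts: str
    client: str
    method: str
    url: str
    size: int
    agent: str


def parse_log(text: str) -> list[LogEntry]:
    """Parse the constructed six-field log format into LogEntry records."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, size, agent = line.split(maxsplit=5)
        entries.append(LogEntry(ts, client, method, url, int(size), agent))
    return entries


def suspicious_posts(entries: list[LogEntry]) -> list[tuple[str, str, list[str]]]:
    """Return (client, host, reasons) for every POST that trips a heuristic."""
    flagged = []
    for e in entries:
        if e.method != "POST":
            continue
        host = urlsplit(e.url).hostname or ""
        reasons = []
        if host not in ALLOWED_POST_HOSTS:
            reasons.append("POST to host outside allowlist")
        if not e.agent.startswith(BROWSER_PREFIXES):
            reasons.append("non-browser or missing User-Agent")
        if reasons:
            flagged.append((e.client, host, reasons))
    return flagged


def clients_by_destination(flagged) -> dict[str, list[str]]:
    """Group flagged clients per destination host; several clients posting to
    the same unknown host is a stronger signal than a single odd request."""
    by_host: dict[str, set[str]] = {}
    for client, host, _ in flagged:
        by_host.setdefault(host, set()).add(client)
    return {h: sorted(c) for h, c in by_host.items()}


if __name__ == "__main__":
    hits = suspicious_posts(parse_log(SAMPLE_LOG))
    for client, host, reasons in hits:
        print(f"{client} -> {host}: {', '.join(reasons)}")
    print(clients_by_destination(hits))
```

The allowlist approach is deliberately simple: in a real deployment the list of expected POST destinations would be built from historical proxy data, and the grouping step is what turns isolated alerts into an infection cluster worth investigating.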

How does it work?

LDPinch typically arrives on a system through a malicious website, an email attachment or in shared files. It installs a Trojan DLL that allows it to read the contents of data being written and read on the network, giving it access to stolen authentication data. LDPinch can also access applications via their COM interfaces and steal both stored and entered passwords.

Should I be worried?

Most AV software detects common LDPinch variants. However, because it is easily available, LDPinch can pose a threat to organisations due to its popularity and because it is designed to be extended by its users.

How can I prevent it?

LDPinch uses no exploits to install itself onto a victim computer other than social engineering tricks. If files are scanned on entering the network via a scanning proxy or a content scanning mail server, and physical devices are restricted, many of the avenues for LDPinch to propagate are closed. Updated anti-virus tools that scan files on access can also help stop the spread of this malware.
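Because the article's advice rests on content scanning at the mail gateway rather than on exploit defences, one worthwhile check is to judge an attachment by its bytes and not by its name or declared MIME type. The following is an added example, not code from the original article or from any product: it builds a constructed message with three attachments (names and contents are made up) and flags any part that either carries an executable extension or begins with the `MZ` header of a Windows PE file, so a disguised executable named `report.pdf` is caught alongside the obvious `.exe`.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions a mail gateway commonly refuses outright (assumed policy list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".dll"}
# Windows executables (PE files) start with the two-byte "MZ" signature.
PE_MAGIC = b"MZ"


def build_sample_message() -> bytes:
    """Construct a sample e-mail (not a real capture) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "Holiday photos"
    msg.set_content("See attached.")
    # 1) genuine-looking image bytes under an image name: should pass
    msg.add_attachment(b"\xff\xd8\xff\xe0 fake jpeg body", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    # 2) executable with a double extension: caught by the extension rule
    msg.add_attachment(b"MZ\x90\x00 fake PE body", maintype="application",
                       subtype="octet-stream", filename="holiday.jpg.exe")
    # 3) executable bytes under a harmless name and MIME type: caught by content
    msg.add_attachment(b"MZ\x90\x00 fake PE body", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


def attachment_verdicts(raw: bytes) -> list[tuple[str, str, list[str]]]:
    """Return (filename, verdict, reasons) for each attachment in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""   # base64 is decoded here
        reasons = []
        ext = os.path.splitext(name.lower())[1]
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append("executable extension")
        if data[:2] == PE_MAGIC:
            reasons.append("PE header in content")
        verdicts.append((name, "block" if reasons else "allow", reasons))
    return verdicts


if __name__ == "__main__":
    for name, verdict, reasons in attachment_verdicts(build_sample_message()):
        print(f"{name}: {verdict} {reasons}")
```

The content check matters more than the extension check: the declared name and MIME type are under the sender's control, while the leading bytes of a Windows executable are not something the attacker can change and still have the file run.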
