Threat of the month: Snatch Trojan | SC Media

Threat of the month: Snatch Trojan

November 13, 2006

What is it?

The Snatch Trojan horse is an advanced piece of malicious code that targets online banking activities.

How does it work?

It's a multi-function Trojan with the following components: SSL form-grabber, advanced logs manager, search engine query spoofer (preconfigured SE query pharming tool), advanced E-Gold grabber, advanced TAN grabber, and ITAN grabber.

Snatch includes the ability to grab all SSL combinations for popular sites such as eBay, PayPal, e-Gold, Casino and others. It acts after a user has connected or authenticated to a website, rendering common one-channel authentication techniques useless.

Should I be worried?

The developers were marketing Snatch until mid-August, when the site was no longer available. While the site was active, the authors were selling Snatch in three versions.

How can I prevent it?

Until companies release anti-virus signatures for Snatch, the best way to prevent it is to be wary of installing software. An administrator can also baseline and compare computers and search queries to detect Snatch.

This Trojan heavily targets e-Gold accounts, so anomalous behaviour caused by Snatch may be detectable in that context.

Ken Dunham, director of rapid response, and Frederick Doyle, senior intelligence analyst, VeriSign iDefense.
