Threat of the month: Snatch Trojan

What is it?

The Snatch Trojan horse is an advanced malicious code that targetsonline banking activities.

How does it work?

It's a multi-function Trojan with the following components: SSLform-grabber, advanced logs manager, search engine query spoofer(preconfigured SE query pharming tool), advanced E-Gold grabber,advanced TAN grabber, and ITAN grabber.

Snatch includes the ability to grab all SSL combinations for popularsites such as eBay, PayPal, e-Gold, Casino and others. It acts after auser has connected or authenticated to a website, rendering commonone-channel authentication techniques useless.

Should I be worried?

The developers were marketing Snatch until mid-August, when the site wasno longer available. While the site was active, the authors were sellingSnatch in three versions.

How can I prevent it?

Until companies release anti-virus signatures for Snatch, the best wayto prevent it is to be wary of installing software. An administrator canalso baseline and compare computers and search queries to detectSnatch.

This Trojan heavily targets e-Gold accounts, so anomalous behaviourcaused by Snatch may be detectable in that context.

Ken Dunham, director of rapid response, and Frederick Doyle, seniorintelligence analyst, VeriSign iDefense.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.