What is it?
The Snatch Trojan horse is an advanced piece of malicious code that targets online banking activities.
How does it work?
It's a multi-function Trojan with the following components: SSL form-grabber, advanced logs manager, search engine query spoofer (preconfigured SE query pharming tool), advanced E-Gold grabber, advanced TAN grabber, and ITAN grabber.
Snatch includes the ability to grab all SSL combinations for popular sites such as eBay, PayPal, e-Gold, Casino and others. It acts after a user has connected or authenticated to a website, rendering common one-channel authentication techniques useless.
Should I be worried?
The developers were marketing Snatch until mid-August, when the site was no longer available. While the site was active, the authors were selling Snatch in three versions.
How can I prevent it?
Until companies release anti-virus signatures for Snatch, the best way to prevent it is to be wary of installing software. An administrator can also baseline computers and search queries, then compare later states against that baseline to detect Snatch.
This Trojan heavily targets e-Gold accounts, so anomalous behaviour caused by Snatch may be detectable in that context.
Ken Dunham, director of rapid response, and Frederick Doyle, senior intelligence analyst, VeriSign iDefense.