For information on how to deal with, and protect your computer, please go down to the bottom of the help desk to the archive section (main page). From there select how to combat Spyware, in this archive there are many tools, which will help you combat this problem. Also included is a known list of computer viruses, this list will be updated as moderate to major viruses are known. In addition there is also a Phishing archive with the latest scams; this list is also updated as scams are made known. If you notice a particular process or DLL that is running on your machine and you do not know what it is, then you can go here http://www.processLibrary.com/ and look that process or DLL up to find out what it is.


Email This Page to Someone
   Footslog's Web Boards
  Cyber safety
  Malicious Code / Phishing Alert: Data Stolen via ICMP

Post New Topic  Post A Reply
profile | register | preferences | faq | search

next newest topic | next oldest topic
Author Topic:   Malicious Code / Phishing Alert: Data Stolen via ICMP
Josh1
Administrator 		posted August 08, 2006 02:58 PM     Click Here to See the Profile for Josh1     Edit/Delete Message
WebsenseŽ Security Labs(TM) has received a sample of a new phishing Trojan that delivers stolen information back to the attacker via ICMP packets. Upon infection of a victim's computer, the Trojan will install itself as an Internet Explorer Browser Helper Object (BHO). The BHO then waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

The method of network transport used by the attacker makes this Trojan unique. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious. Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet.

To network administrators and egress filters, this ICMP packet looks like legitimate traffic leaving the network. However, the ICMP packet actually contains encoded personal information entered by a user. The attackers presumably capture this packet at their remote server, where the packet is easily decoded to reveal the information entered by the user.

------------------
Forget not my law but let your heart keep my commandments Proverbs 3:1

Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

For every problem, there is a solution.

Please give what you can to the Hurricane relief

http://www.microsoft.com/mscorp/citizenship/giving/relief.asp


IP: Logged

All times are CT (US)

next newest topic | next oldest topic

Administrative Options: Close Topic | Archive/Move | Delete Topic
Post New Topic  Post A Reply
Hop to:

Contact Us | Footslog Home



Ad

The information presented on FootsloG.com is copyrighted as a collective work. FootsloG.com is free for personal use (non-commercial). Any other use FootsloG.com, including copying or reproducing any portion of this web site is strictly prohibited without the express written consent of FootsloG.com. If you have any questions about the usage term please contact us via email: webmaster@footslog.com.



Problems, Knowledge, and Power, powered by intelligent Computing Solutions