The Register® — Biting the hand that feeds IT

Feeds

Instant trojan to worm toolkit sighted

No skills required to create malware

By John Leyden, 18th June 2008
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Miscreants have created a point-and-click toolkit designed to make it easier to both create and distribute Trojans.

The Trojan2Worm (T2W) toolkit turns any executable file into a worm with auto-spreading capabilities. As such it provides the ability for Trojan infection agents to acquire worm-like spreading abilities.

The tool requires minimal skills to use, net security firm Panda Security reports. Features include the ability to compress infectious files or mutate their contents, tricks designed to make it easier to smuggle malware past anti-virus scanners. It's also possible to program malware so that it disables Task Manager, Windows Registry Editor or even selected browsers.

All this and more is possible at the click of a button. There's even an option to either enable or disable the infection of removable drives. No programming skills are required.

Panda reckons the software was developed in Spain, largely based on its support for the English, Spanish, Portuguese and Catalan languages. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (19)
Latest Comments
Anonymous Coward

this just in from McAfee

Notice

This is a Low-Profiled Threat Notice for HTool-T2W

Justification

HTool-T2W has been deemed Low-Profiled due to media attention at the following link: http://www.theregister.co.uk/2008/06/18/trojan_worm_toolkit/

Read About It

Information about HTool-T2W is located on VIL at: http://vil.nai.com/vil/content/v_146248.htm

Detection

HTool-T2W was first discovered on June 25, 2008 and detection will be added to the 5325 dat files (Release Date: June 25, 2008).

Though we consider this a low threat, An EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page: <https://www.webimmune.net/extra/getextra.aspx>

If you suspect you have HTool-T2W, please submit a sample to <http://www.webimmune.net>

Risk Assessment Definition

For further information on the Risk Assessment and Avert Labs Recommended Actions please see: <http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html>

For breaking security information from McAfee® Avert® Labs visit:

McAfee Avert Labs Blog

http://www.avertlabs.com/research/blog

AudioParasitics - The Official PodCast of McAfee Avert Labs http://podcasts.mcafee.com/audioparasitics

Sign up for McAfee® Avert® Labs Security Advisories http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx

0
0
amanfromMars

Capital Assault or Banking Rules Change? Dealers Choice.

"Of course everything is possible at the click of a button, if some poor sap has written all the code underneath :)" .... By Anonymous Coward Posted Thursday 19th June 2008 05:39 GMT

Those poor saps will never ever be poor again, AC....... and they will Know All About the Value of Wealth and what you do with IT.

0
0
Anonymous Coward

The sad thing is (one of many sad things)

...that it probably is more stable than MS's commercial software, more compatible, and more user friendly. I wonder if it has a listing in add/remove programs to be uninstalled? (probably it's stand-alone and doesn't need such crap) And another sad thing is that these are obviously talented (although criminal) guys, that will probably never hold a high-paying, "respectable" job, with opportunity for growth, like MS would provide if these guys could get their feet in the door. Instead, they'll cause much human misery out of bitterness, indifference, and the sheer lack of opportunity that life (and their own choices) has provided them. They'll probably erratically make a few thousand or tens of thousands of dollars off their malware kit before being shaken down and incarcerated, mostly because of their own idiot bravado, while less talented (but more emotionally mature and experienced) developers coast on making their way in the world. <sigh> All of life disgusts me today...

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
127
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
59
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13