Feeds

Pinch Trojan lives on after authors' convictions

S'kiddies squeeze suckers

Securing Web Applications Made Simple and Scalable

Updated Variants of the Pinch Trojan are infecting users more than a year after the arrest of its two original authors, , who were recently jailed for their crimes.

More than 4,000 PCs a day were getting infected by just one variant of the information-pilfering malware, according to net security firm PrevX, which bases this estimate on logs from a malware control website left open by cybercriminals.

An estimated 392 of the infected machines are from the USA, 335 from Brazil, 93 from China, and 73 from the UK. The data suggests that 150 of the Windows machines infected were running anti-virus software.

"This data is an interesting insight into the modern world of the malware developer," said Jacques Erasmus, director of malware research at Prevx. "By simply buying the software kit off the internet and adding a few custom tweaks, the owner of this particular variation is managing to get round major anti-virus software and stealing peoples credit card details, passwords, and other personal information."

PrevX has reported the site controlling the malware to the relevant ISP, a US-based provider of free hosting service, which subsequently shut it down.

Pinch is a Trojan creation toolkit credited with enabling virus writers to infect hundreds of thousands (if not millions) of Windows PCs. The toolkit used to be sold through black market hacking forums but the leakage of source code means that it's now freely available at no cost to anyone who cares to hunt it down, Erasmus explained.

The two suspected authors of the virus creation toolkit were arrested by Russian police in December 2007. Contrary to earlier versions of this story the two were prosecuted and convicted of computer crime offences.

Damir Farkhutdinov (AKA Damrai) and Alexey Ermishkin (aka Scratch) were jailed for 18 months and 12 months, respectively, at a sentencing hearing in December 2008. The Kalinskii regional court in the town of Chelyabinsk also ordered Farkhutdinov to pay a fine of 30,000 roubles ($828) and Ermishkin 20,000 roubles ($552).

The duo were estimated to have made 600,000 roubles ($16,569) by selling the virus toolkit they created between approximately January 2005 and June 2007. Kaspersky Lab researchers, who we're grateful for tracking down the result of the case, had written-up a more comprehensive run-down of the outcome of the case in a blog posting here. ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.