Saturday, July 29, 2006
A Trojan Called MetaFisher
"Hackers are taking advantage of a flaw in Microsoft’s Windows Metafile (WMF) to sneak a Trojan into the personal systems of customers of banks across the United Kingdom, Spain and Germany, and in the process, steal personal and security information. The modus operandi involves luring unsuspecting victims to visit malicious websites through a flood of emails. Once the user logs on to one such site, an inherent weakness in WMF allows a Trojan horse called MetaFisher to download in to his/her computer. This intruder program then collects bank account and other sensitive information from the host computer which it infects, and sends it to remote servers where the data is harvested. This malicious Trojan, which also goes by the names of Spy-Agent and PWS, is an example of how a security attack can happen under your nose, without you being able to get a whiff of it.
Tip of the iceberg for forked file systems. More on forked systems later.
