DIY Chinese Passwords Stealer

Saturday, September 29, 2007

DIY Chinese Passwords Stealer

This DIY passwords stealer courtesy of a chinese hacking group is pitched as Vista Compatible, with a server size in less than 20kb, process injection, form grabbing and password stealing capabilities for anything keyloggable, anti virus software killing capabilities, and uploading of the results to a central location, in this particular case an example is given for notification via Tencent, China's main IM network. More info :

"Backdoor.Hupigon.GEN has rootkit functionality. It injects itself into Internet Explorer causing IE to hide itself. It also logs keystrokes and sends this information to remote servers."

Detection rate of the builder: Result: 15/32 (46.88%)
File size: 267213 bytes
MD5: a4b9c9f42629865c542ac7b823982843
SHA1: 78f855843d312ab76e1f8f0b912bd475781a8864

Here are several more recent releases by Chinese hacking groups, as well as a comment on the big picture.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Saturday, September 29, 2007

DIY Chinese Passwords Stealer

No comments:

Post a Comment