
Thread: Name of Checkfree trojan?

  1. #1
    Junior Member
    Join Date
    May 2006
    Posts
    10

    Name of Checkfree trojan?

    Does anyone know the name of the trojan used in the Dec. 2nd DNS hijack of CheckFree?

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    DNS wasn't really hijacked. They managed to obtain the username/password that allowed them to change the domain.

    They probably got those credentials with spear phishing.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member
    Join Date
    May 2006
    Posts
    10
    Quote Originally Posted by SirDice
    DNS wasn't really hijacked. They managed to obtain the username/password that allowed them to change the domain.

    They probably got those credentials with spear phishing.
    You, sir, are correct; poor wording on my part. Do you know what the name of the malware/trojan was? I need this info because I have to call customers who were affected by this. I am just wondering what McAfee or Norton would have called the software if detected.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    As I said, they probably used spear phishing, not a trojan or any other type of malware.


    http://en.wikipedia.org/wiki/Phishing

  5. #5
    Junior Member
    Join Date
    May 2006
    Posts
    10
    Quote Originally Posted by SirDice
    As I said, they probably used spear phishing, not a trojan or any other type of malware.


    http://en.wikipedia.org/wiki/Phishing


    No. The users that were directed to the site in the Ukraine, as opposed to the real CheckFree site, could have had their computers infected with malicious software. My question is: what would an antivirus scanner have identified the threat as? Most sources say the fake web server attempted to download a Trojan using an IE exploit. I want the name of the Trojan. That is my question here.

  6. #6
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    According to CNET the name of the file was msn.exe.

    Nov 26, 2008 ... Customers of CheckFree.com, an online bill paying site, .... and in the background downloads a password stealing Trojan named 'msn.exe.'" ...
    news.cnet.com/8300-1009_3-83.html?keyword=%22trojans%22 - 139k -

    http://voices.washingtonpost.com/sec...l?nav=rss_blog

    There are many variants of this virus:
    http://www.viruslist.com/en/virusesd...pter=153317860
    In God We Trust....Everything else we backup.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Ah.. Now I understand

    AFAIK they used an Adobe Acrobat exploit to install a keylogger. See http://www.securityfocus.com/bid/30035
    No names, so it's likely a custom-built exploit.

  8. #8
    Junior Member
    Join Date
    May 2006
    Posts
    10
    Thank you both. Both posts contain info that I did not have!
