Tigger trojan takes the cake

If there were a competition for the best-designed piece of malware, the Tigger trojan would likely take the cake. It is one of those worse-than-you-could-ever-imagine pieces of malware that combines features from the best (worst) of them all. For a complete list, see the blog post by MNIN Security. Features include:
  • disables several security software products
  • blocks access to its kernel driver's memory (harder to detect)
  • takes screen shots
  • spies on browser events
  • exports passwords (from Windows Protected Storage and over 11 popular apps)
  • steals web cookies & certificates
  • sniffs FTP and POP3 passwords
Tigger apparently collects a massive amount of system information, provides a backdoor command shell on infected machines, downloads additional malware per C&C [Command & Control] instruction, and tries to clean the system of over 20 other malware families.
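The FTP and POP3 password sniffing in the feature list works because both protocols send their USER and PASS commands in clear text, so a sniffer on the infected host needs no decryption at all. The following is an added example, not code from the original post or from the MNIN analysis: a small parser that walks a plaintext FTP or POP3 session as it appears on the wire and pulls out every USER/PASS pair together with the server's verdict on the attempt. The two session transcripts are constructed for illustration; the host names and credentials in them are made up.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample traffic (not a real capture): one FTP session with a failed
# and then a successful login, and one POP3 session. Client commands and server
# replies are interleaved exactly as a sniffer would see them on the wire.
FTP_SESSION = b"""220 ftp.example.test FTP server ready\r
USER alice\r
331 Password required for alice\r
PASS wrongpass\r
530 Login incorrect\r
USER alice\r
331 Password required for alice\r
PASS Tr0ub4dor&3\r
230 User alice logged in\r
QUIT\r
"""

POP3_SESSION = b"""+OK POP3 ready\r
USER bob@example.test\r
+OK\r
PASS hunter2\r
+OK Logged in.\r
STAT\r
+OK 2 3210\r
"""


class Login(NamedTuple):
    protocol: str
    user: str
    password: str
    accepted: Optional[bool]  # None when the server's verdict was not captured


# Both FTP (RFC 959) and POP3 (RFC 1939) use the same two commands; verbs are
# case-insensitive, so "user alice" is harvested just as well as "USER alice".
CMD_RE = re.compile(rb"^(USER|PASS)[ \t]+(.*)$", re.IGNORECASE)


def extract_logins(stream: bytes, protocol: str) -> List[Login]:
    """Return every USER/PASS pair in a plaintext FTP or POP3 session.

    The server line that directly follows PASS decides whether the attempt
    was accepted: FTP answers 230 (ok) or 530 (rejected), POP3 answers
    +OK or -ERR. Any other reply leaves the verdict undecided.
    """
    logins: List[Login] = []
    pending_user: Optional[str] = None
    pending_pass: Optional[str] = None

    for raw in stream.split(b"\r\n"):
        line = raw.rstrip(b"\n")
        if not line:
            continue
        m = CMD_RE.match(line)
        if m:
            verb = m.group(1).upper()
            arg = m.group(2).decode("utf-8", "replace")
            if verb == b"USER":
                pending_user, pending_pass = arg, None
            elif verb == b"PASS" and pending_user is not None:
                pending_pass = arg
            continue
        # Not a credential command, so this is a server reply (or another
        # client command); only the reply right after PASS matters here.
        if pending_user is not None and pending_pass is not None:
            if line.startswith(b"230") or line.startswith(b"+OK"):
                accepted: Optional[bool] = True
            elif line.startswith(b"530") or line.startswith(b"-ERR"):
                accepted = False
            else:
                accepted = None
            logins.append(Login(protocol, pending_user, pending_pass, accepted))
            pending_user = pending_pass = None

    # Capture ended right after PASS with no reply seen: keep the pair anyway.
    if pending_user is not None and pending_pass is not None:
        logins.append(Login(protocol, pending_user, pending_pass, None))
    return logins


def harvest_all() -> List[Login]:
    """Run the parser over both constructed sessions."""
    return extract_logins(FTP_SESSION, "ftp") + extract_logins(POP3_SESSION, "pop3")


if __name__ == "__main__":
    for login in harvest_all():
        print(f"{login.protocol}: {login.user} / {login.password} accepted={login.accepted}")
```

The same parsing is what a defender would run over a packet capture from a compromised host to find out which accounts were exposed, including the failed attempts, which still leak a real or near-miss password. The only durable fix is to take the credentials off the wire entirely, that is, FTPS or SFTP instead of plain FTP and POP3 over TLS instead of plain POP3, so there is nothing for a host-based sniffer to parse.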
The Washington Post article reports that Tigger seems to "target mainly customers or employees of stock and options trading firms," specifically: E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade and Scottrade.

Src: Why I Enjoyed Tigger/Syzor | MNIN Security Blog
Src2: The Tigger Trojan: Icky, Sticky Stuff
