New Trojan Disguises Malicious Traffic
Websense raised the alarm Tuesday of a phishing Trojan that uses a new technique to cloak its activity.
The San Diego-based Web security company said that the Trojan, which installs itself as an Internet Explorer helper object, waits for the user to enter information in specific Web site forms -- particularly online banking sites -- then zaps the stolen data back to the attacker.
What's unique about the new Trojan, said Websense, is that it delivers that data via ICMP packets. Keylogging Trojans usually transmit purloined usernames and passwords via e-mail or a HTTP POST command. Both can be easily spotted.