Slashdot Mirror

← Back to Stories (view on slashdot.org)

Custom Trojan Creation Tool Sold Online

Posted by Zonk on from the haxx0ring-made-e-z dept.

Finch writes "Net Security.org is reporting on the surprisingly sophisticated 'virus in a can' software called Pinch. Pinch is a tool sold on several online forums and designed to create Trojans. It allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. It is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it. 'Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.'"

3 of 121 comments (clear)

  1. Re:Scary stuff to be sure by realmolo · · Score: 4, Insightful

    Eh. Trojans/rootkits/viruses built form these "kits" tend to all be very similar. Essentially, if you defend against one, you're defended against all the others.

    Never mind the fact that it's a fucking KIT. If YOU can download it, so can the anti-virus people in order to figure out how to detect viruses made with it.

    The interesting thing about modern viruses/trojans/whatever is that very few of them are really *viruses* anymore. They rely almost completely on simply getting a user to manually run (or at least give permission to the system to run) an obfuscated executable. It's sad that the technique is so successful.

  2. Re:Torrent? by PCM2 · · Score: 4, Insightful

    apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan"

    Did you stop to think that maybe the construction set was identified as a Trojan because it ... you know ... contained the code for a Trojan? As in ... if it tripped your antivirus then you probably had the right one.

    --
    Breakfast served all day!
  3. Re:That sounds like fun by Electrum · · Score: 3, Insightful

    I know you're joking, but what sort of fool would trust the seller with their own CC#?

    Why does the card holder care? Your liability is limited to $50 by law, or zero by many card issuers. Merchants are the ones who lose with fraud, not the card holders or the credit card companies. In fact, the card company profits from fraud by hitting the merchant with a charge back fee in addition to reversing the transaction.