Slashdot Mirror
Sykipot Trojan Variant Stealing DoD Smartcard Credentials
Trailrunner7 writes "A new research report says variants of the Sykipot Trojan have been found that can steal Dept. of Defense smartcard credentials. The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against the defense industry. The new variants, which Alien Vault believes have been circulating since March, 2011, have been used in 'dozens of attacks' and contain features that would allow remote attackers to steal smart card credentials and access sensitive information."
Per the Article:
>> The Trojan is delivered to target systems in a corrupted PDF attached to spear-phishing e-mail messages. The PDFs exploited a previously unknown software vulnerability in the Adobe Reader program, the company said.
Is it just me, or is a program whose purpose (for the vast majority of users) is just to open a document to print turned into a gigantic bloated mess that was far better 10 years ago?
The trojan steals "use" of the inserted card, and probably the PIN. The private key remains safely in the card, and the trojan can't use it once the card is removed. The defenses are (1) don't use smart card on untrusted computer, or (2) if no other choice, use smart card only long enough to accomplish a specific task. The smart card PIN can be changed by the user, so it may not even be necessary to revoke the credential after an exposure. However, the trojan also gains temporary use of the card holder's digital signature -- meaning that authentic digitally-signed spear phishing emails could be sent under the card-holder's email account. If the card is inserted but the PIN is never entered, then a trojan might maliciously enter several random PINs and block the card as a DoS attack...