Radware’s ERT releases a threat alert regarding a new Trojan malware that sends sensitive user information out of the organization.
Radware’s Emergency Response Team (ERT) research lab released a threat alert regarding a newly discovered Trojan key logger named Admin.HLP that was detected today for the first time on one of its customer’s servers.
Admin.HLP is malicious software that monitors keystrokes on the victim’s computer and collects user passwords, credit card numbers and other sensitive information. It then sends all the stolen data out of the organization to the attackers’ remote servers over a secured HTTPS connection.
The Admin.HLP Trojan is hidden within a standard Windows help file named Amministrazione.hlp and attaches itself to emails. This standard help file does not trigger a response from anti-virus software that may be installed, and therefore it slips under the radar of standard security protection. Once the Windows help file is opened, Admin.HLP installs itself on the victim’s computer and starts to collect keystrokes, which are sent over time to the attackers’ remote server.
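Because the help file arrives as an e-mail attachment that anti-virus software does not flag, a mail-side check for Windows help files is one place to catch it. The following is an added example, not Radware's signature or code from the alert: it flags attachments by `.hlp` extension and also by the WinHelp file header, so a renamed help file is still caught. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# WinHelp (.hlp) files begin with the little-endian magic number 0x00035F3F.
WINHELP_MAGIC = b"\x3f\x5f\x03\x00"


def find_winhelp_attachments(raw_message: bytes):
    """Return (filename, reason) for each part that looks like a Windows help file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(".hlp")
        by_magic = payload.startswith(WINHELP_MAGIC)
        if by_name or by_magic:
            checks = (("extension", by_name), ("magic", by_magic))
            hits.append((name, "+".join(r for r, ok in checks if ok)))
    return hits


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message; the attachment body is dummy bytes, not malware."""
    m = EmailMessage()
    m["From"] = "sender@example.com"      # constructed address
    m["To"] = "user@example.com"          # constructed address
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("Amministrazione.hlp", WINHELP_MAGIC + b"\x00" * 16),
        build_sample("notes.txt", WINHELP_MAGIC + b"dummy"),   # renamed help file
        build_sample("report.pdf", b"%PDF-1.4 dummy"),
    ]
    for raw in samples:
        print(find_winhelp_attachments(raw))
```

A hit on `magic` without `extension` indicates a help file sent under another name, which is worth quarantining for review rather than delivering.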
In order to remain a persistent threat, Admin.HLP creates a startup file in Windows, guaranteeing that the Trojan is invoked after every restart of the computer.
Radware's ERT has prepared a technical document with further details on the malware.
Radware ERT Advice:
Radware’s ERT team has created a signature to block all communication between infected organizations and the attackers’ remote servers. This prevents data leakage from the organization, no matter how many computers in the organization are infected or how difficult it is to remove the Trojan from end users’ computers.
Radware’s customers are encouraged to contact the ERT to receive immediate assistance and instructions on how to remove the Trojan. Other prospects and non-Radware customers can contact the ERT through a Radware representative.