TechWorld | ComputerWorld reports on a variant of the Trojan variant called ‘Prg’ that harnesses information from users who fall prey to dubious Job ads and click on them. It was the researchers at Security Firm SecureWorks who first uncovered the Trojan.
A quote from the article at DarkReading:
“The hackers behind this scam are running ads on job sites and are injected those ads with the Trojan,” said Jackson. “Thus, when a user views or clicks on one of the malicious ads, their PC is getting infected and all the information they are entering into their browser (including financial information being entered before it reaches the SSL protected sites) is being captured and sent off to the hacker’s server in Asia Pacific. This one server is still collecting stolen data and at any one time, we are seeing 9,000 to 10,000 victims sending information to the server.”
The hackers have been using numerous techniques to evade detection by antivirus software, and they release newer versions of the Trojan very frequently. What makes the Trojan even more dangerous is that it can sniff data from windows internal memory before data is encrypted, implying that it can circumvent SSL security measures as well.
Once again, the only adage most useful for online security is: Look before you click.