The Ultimate Trojan?

A security vendor in the UK has discovered a new trojan. Called Limbo 2, it is designed to steal information from financial institutions and banks. Jacques Erasmus, director of malware research at Prevx says it may be the most sophisticated Trojan ever. The Trojan’s power lies in it’s stealth characteristics. It is able to bypass anti-virus software thanks to it’s own cryptor that obfuscates it.

          It also has a unique technique to steal bank information, Erasmus told SCMagazineUS.com. It can inject a code into a live banking site. If you log into a bank, it is able to hijack your connection and adds an extra field into the page.

That extra field records the victims log on and personal bank account details. It also scans the victim’s hard drive for personal info, grabs it, and sends it to it’s botnet control center. Limbo 2 travels in the usual ways: via botnets, in compromised downloads, and web exploits. In the bustling underground world of cybercrime, a user license for it is available for $1300. Yes, in an example of true irony, malware writers actually protect their intellectual property by requiring end user licenses. Honor among thieves indeed! The writers of this “ultimate Trojan” offer a guarantee that it will be completely undetectable. Whether that guarantee is true is yet to be seen.