A variant of a banking Trojan known as Cridex can communicate with a CAPTCHA-breaking server in order to establish malicious email accounts. Researchers at Websense Security Labs posted a video documenting how Cridex broke a CAPTCHA test and opened a Yahoo email account in six attempts.
The Cridex network grows as it infects new machines via malicious emails. The emails contain links to a Black Hole exploit kit, which attacks vulnerabilities in Web browsers and plug-ins. If successful, the kit downloads Cridex onto the machine.
“Cridex is a data-stealing Trojan that is similar to Zeus in the way it operates: It logs content from Web sessions and alters them to harvest information from the infected user,” according to the Websense Security Labs blog.
Cridex targets information from platforms like Facebook, Twitter and several online banking services. That data is then sent to a remote server.
Finally, it uses the infected machine to grow the size of the botnet.
According to Websense, the Trojan “opens Web sessions to online mail services and registers new email accounts that are later used by the bot to send spam/malicious emails.”
Cridex cannot run without a successful attack by the Black Hole exploit kit. Machines with updated Web browsers and applications, as well as the latest antivirus software, should be protected, Websense said.