Cridex Trojan breaks CAPTCHA, targets Facebook, Twitter users

The banking Trojan variant Cridex can break CAPTCHA tests in just a few attempts, allowing it to create malicious email accounts used for spamming and propagating the virus.

A variant of a banking Trojan known as Cridex can communicate with a CAPTCHA-breaking server in order to establish malicious email accounts. Researchers at Websense Security Labs posted a video documenting how Cridex broke a CAPTCHA test and opened a Yahoo email account in six attempts.


The Cridex network grows as it infects new machines via malicious emails. The emails contain links to a Black Hole exploit kit, which attacks vulnerabilities in Web browsers and plug-ins. If successful, the kit downloads Cridex onto the machine.

“Cridex is a data-stealing Trojan that is similar to Zeus in the way it operates: It logs content from Web sessions and alters them to harvest information from the infected user,” according to the Websense Security Labs blog.

Cridex targets information from platforms like Facebook, Twitter and several online banking services. That data is then sent to a remote server.

Finally, it uses the infected machine to grow the size of the botnet.

According to Websense, the Trojan “opens Web sessions to online mail services and registers new email accounts that are later used by the bot to send spam/malicious emails.”

Cridex cannot run without a successful attack by the Black Hole exploit kit. Machines with updated Web browsers and applications, as well as the latest antivirus software, should be protected, Websense said.
