Ramblings of an old Doc
Published on November 7, 2012 By DrJBHL In Personal Computing

 

TrendLabs has reported the Pixsteal-A-Trojan. It's a new type of malware which targets image files to expose those infected to identity theft, blackmail and fraud.

This Trojan finds image files on your drives and transfers these images to a remote server. The affected file types are .jpg, .jpeg and .dmp (dmp's are created by computer or program crashes). While AutoCAD files have been targeted in the past by industrial espionage spyware, most Trojans concentrate on text and document files. However, users store sensitive information in image files, so they have become a target as well.

So who cares if a bunch of .jpegs are transferred? You might, if you take screenshots of receipts or are going paperless, or if you scan personal records or patient records onto your personal or office computer. Some of those might be very sensitive, like tax records, lab reports, etc.

The Pixsteal Trojan is spyware. The victim is infected via the internet by downloading contaminated software or files, or by other malware on the user’s system. Conceivably, the route of infection might even be via email. While email and steganography weren’t specifically mentioned, I see no reason they couldn’t be used to disseminate this Trojan. So beware of .jpegs, etc., which appear exceptionally large. Once on the machine, the Trojan seeks out images on all the drives of that computer, copies them to a central location on the C: drive, connects to the remote FTP server and transfers the files.
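The behaviour described above (many image files copied into one folder, followed by an FTP connection) can be expressed as a simple detection rule. This is an added example, not code from TrendLabs or the original post; the event format, process names, paths and thresholds are constructed for illustration.

```python
import ntpath
from collections import defaultdict

TARGET_EXTS = {".jpg", ".jpeg", ".dmp"}  # file types named in the post
FTP_PORT = 21  # assumption: FTP control channel on its default port

def find_image_staging(events, min_files=20, window=600):
    """Return {process: staging_dir} for processes that created at least
    min_files targeted files in one directory and then opened an outbound
    FTP connection within `window` seconds of the last such file."""
    staged = defaultdict(list)     # (proc, dir) -> file creation timestamps
    ftp_times = defaultdict(list)  # proc -> FTP connect timestamps
    for ev in events:
        if ev["kind"] == "file_create":
            ext = ntpath.splitext(ev["path"])[1].lower()
            if ext in TARGET_EXTS:
                key = (ev["proc"], ntpath.dirname(ev["path"]).lower())
                staged[key].append(ev["t"])
        elif ev["kind"] == "net_connect" and ev["dport"] == FTP_PORT:
            ftp_times[ev["proc"]].append(ev["t"])
    hits = {}
    for (proc, directory), times in staged.items():
        if len(times) < min_files:
            continue  # a handful of images in one folder is normal activity
        last = max(times)
        if any(0 <= t - last <= window for t in ftp_times[proc]):
            hits[proc] = directory
    return hits

def sample_events():
    """Constructed telemetry: one staging process, one benign photo import."""
    ev = []
    for i in range(25):  # hypothetical process copying images into one folder
        ev.append({"t": i, "proc": "updater.exe", "kind": "file_create",
                   "path": rf"C:\staging\IMG_{i:04d}.JPG"})
    ev.append({"t": 40, "proc": "updater.exe", "kind": "net_connect", "dport": 21})
    for i in range(30):  # benign: many images written, no FTP afterwards
        ev.append({"t": i, "proc": "photos.exe", "kind": "file_create",
                   "path": rf"D:\Pictures\2012\DSC_{i:04d}.jpg"})
    ev.append({"t": 50, "proc": "photos.exe", "kind": "net_connect", "dport": 443})
    return ev

if __name__ == "__main__":
    print(find_image_staging(sample_events()))
```

The photo-import process writes more images than the flagged one but is not reported, because the rule keys on the combination of bulk staging and a following FTP connection rather than on image activity alone.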

There might also be images (like those young folks take) which could prove quite embarrassing if they fall into the wrong hands (ask Prince Harry if you don’t believe me). Apparently, some 88% do get harvested and sold to/on parasite sites. Apparently, sifting through the harvest can be quite tedious, but is quite productive.

So… be aware. Be safe in your Internet habits, and keep your security software updated, folks.

 

Sources:

http://securitywatch.pcmag.com/none/304678-image-stealing-trojan-exposes-victims-to-id-theft-blackmail

http://blog.trendmicro.com/trendlabs-security-intelligence/malware-steals-image-files-from-systems/

http://about-threats.trendmicro.com/us/malware/TSPY_PIXSTEAL.A


Comments (Page 1)
on Nov 07, 2012

Thanks DOC... There is also a security flaw currently in Windows 8; I doubt it has been fixed yet. The French company Vupen found it and is selling it.
I don't know if it has been sold already but I think it won't take long.

on Nov 07, 2012

Damn if they use that on my pc... Gonna have to go through A LOT of kinky ass porn...

on Nov 07, 2012

Thanks for the heads up.

on Nov 07, 2012

Man I wish they would catch everyone who creates this type of crap and give them ALL lobotomies!

on Nov 07, 2012

LightStar
Man I wish they would catch everyone who creates this type of crap and give them ALL lobotomies!

With a tattoo on their foreheads that says..."DUH!"

on Nov 07, 2012

Uvah
Quoting LightStar, reply 5: Man I wish they would catch everyone who creates this type of crap and give them ALL lobotomies!

With a tattoo on their foreheads that says...Simpson wannabe. lol

on Nov 07, 2012

I feel obligated to point out the bottom section regarding cell phones in the 1st link of the OP:

http://securitywatch.pcmag.com/none/304678-image-stealing-trojan-exposes-victims-to-id-theft-blackmail

That's enough to trigger any paranoia issues a person might have lurking about.  Might want to keep that cell phone in a case.

on Nov 07, 2012

DaveRI
I feel obligated to point out the bottom section regarding cell phones in the 1st link of the OP:

http://securitywatch.pcmag.com/none/304678-image-stealing-trojan-exposes-victims-to-id-theft-blackmail

That's enough to trigger any paranoia issues a person might have lurking about.  Might want to keep that cell phone in a case.

The army in my country (if you serve in any type of sensitive area no matter how unsensitive it is) makes soldiers either leave their phones outside or break their camera.

on Nov 07, 2012

I have probably 20gb of images because I do a lot of graphic design. 99% of them are PNGs. haha.

This is really clever though. 

on Nov 07, 2012

I'd bet there are variants (or will be shortly) which harvest .png files.

Remember, the 'type' of image as well as the info included in the image (and the metadata) are what make the victim so vulnerable.

on Nov 07, 2012

DrJBHL
I'd bet there are variants (or will be shortly) which harvest .png files.

Remember, the 'type' of image as well as the info included in the image (and the metadata) are what make the victim so vulnerable.

 

Still doesn't bother me. I don't keep any personal data on this laptop and I don't screenshot anything that is going to have sensitive information. I'll usually just write it down. 

on Nov 07, 2012

OMG! I hope my 1.35Tb of pr0n doesn't go missing!

on Nov 07, 2012

Backups being made all over the World ATM

on Nov 07, 2012

Fuzzy Logic
OMG! I hope my 1.35Tb of pr0n doesn't go missing!

Shit, is that all?  You had 1.25Tb of pr0n last time something like this came up. 

That was 3 years ago... meaning, you should have at least 3.75Tb of pr0n by now.
