Demonize-T Trojan Steals Passwords, Keystrokes

Filtering firm MessageLabs said Monday that it has detected a new Trojan that's being aggressively spammed to end-users and may install a key logger and password sniffer to hijack confidential information, such as credit-card numbers and log-in passwords.

Dubbed Demonize-T, the Trojan begins with an e-mail message bearing a variety of subject headings, including, 'the email from 2 days ago...here is my replay [sic]" and "Hey whatsup remember me?" Once it infects a system, Demonize-T opens a backdoor and begins communicating with a malicious Web site.

Since late Sunday, U.K.-based MessageLabs has intercepted more than 4,000 copies of the Demonize-T, a much higher number than for the typical Trojan, which often tally as few as 20 copies. "The new attacks appear to be far more intense," said a MessageLabs spokesperson via e-mail.

The multistage Trojan downloads and executes a Visual Basic script from the Web site to compromise the machine and possibly load code onto the unsuspecting user's computer.

"Early indications suggest that this is similar to previous attacks, where Trojans have been used to install key loggers and password stealers," the MessageLabs spokesperson said.