Demonize-T Trojan Steals Passwords, Keystrokes

A new Trojan is being aggressively spammed to end users and may install a key logger and password sniffer to hijack confidential information.

June 9, 2004

1 Min Read
Network Computing logo

Filtering firm MessageLabs said Monday that it has detected a new Trojan that's being aggressively spammed to end-users and may install a key logger and password sniffer to hijack confidential information, such as credit-card numbers and log-in passwords.

Dubbed Demonize-T, the Trojan begins with an e-mail message bearing a variety of subject headings, including, 'the email from 2 days is my replay [sic]" and "Hey whatsup remember me?" Once it infects a system, Demonize-T opens a backdoor and begins communicating with a malicious Web site.

Since late Sunday, U.K.-based MessageLabs has intercepted more than 4,000 copies of the Demonize-T, a much higher number than for the typical Trojan, which often tally as few as 20 copies. "The new attacks appear to be far more intense," said a MessageLabs spokesperson via e-mail.

The multistage Trojan downloads and executes a Visual Basic script from the Web site to compromise the machine and possibly load code onto the unsuspecting user's computer.

"Early indications suggest that this is similar to previous attacks, where Trojans have been used to install key loggers and password stealers," the MessageLabs spokesperson said.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights