Keylogging Internet worm on the loose

Keylogging Internet worm on the loose

Anti-virus firm F-Secure is warning of the spread of a keylogging Internet worm designed to steal online passwords and credit card numbers from infected computers.

The worm, known as Korgo, exploits the LSASS vulnerability to auto-infect Windows systems that haven't applied the MS04-11 patch issued by Microsoft in April.

F-Secure's Mikko Hypponen says the worm is spreading actively and is aggressively stealing user information from infected machines.

"It does this via a keylogger which specifically collects user logins for online banks (the ones which do not use one-time passwords)," he says. "It also logs everything the user types to any Web form - this will collect lots of credit card numbers, passwords etc."

Information culled from machines is sent to one of 11 geographically distributed Internet Relay Chat (IRC) servers.

Hypponen advises anyone infected by Korgo to change their passwords and cancel their credit cards. "Especially the ones you've used during last week. This is not a joke."

Comments: (0)