[Dshield] Skeptical: WAS Srv.SSA-KeyLogger

Tom Liston tliston at premmag.com
Thu Aug 11 23:52:00 GMT 2005


I also investigated an earlier variant of this thing:

http://isc.sans.org/diary.php?date=2005-05-11

Regards,


-TL
--
tliston at premmag.com

-----Original Message-----
From: "Fergie (Paul Ferguson)" <fergdawg at netzero.net>
Date: Thursday, Aug 11, 2005 6:44 pm
Subject: Re: [Dshield] Skeptical: WAS Srv.SSA-KeyLogger

And this from eWeek:

[snip]

Sunbelt Adds Detection for ID Theft Keylogger

Anti-spyware vendor Sunbelt plans to release a free tool to zap a sophisticated keystroke logger being used by an organized ring of identity thieves.

The spyware keylogger, named Srv.SSA-KeyLogger, was being used to hijack confidential data from millions of infected computers and send the information back to a remote server controlled by an identity theft ring.

[and]

The keystroke logger has been programmed to shut down the firewall that ships with Windows XP and steal data from the IE "Protected Storage Area."

The program also hijacks data from the Windows clipboard and uploads all the stolen data to a remote Web server controlled by an unknown ring of identity thieves.

[snip]

http://www.eweek.com/article2/0,1895,1847427,00.asp

- ferg


-- "Paul Marsh" <pmarsh at nmefdn.org> wrote:

It looks like Lavasoft has found the same thing according to Sunbelt http://sunbeltblog.blogspot.com/ 


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list