Hi All,

Sunspot is a little-known Windows malware platform that has been in
circulation today. Mostly it targets 32-bit and 64-bit Windows platforms from
Windows XP through Windows 7, and is capable of installing in
non-administrator and administrator accounts.

Once installed, it targets Internet Explorer and Firefox browsers. This is a
very modern malware platform with sophisticated fraud capabilities.

According to a VirusTotal analysis, only nine of 42 anti-virus programs
tested, or 21%, currently detect Sunspot.
It can carry out man-in-the-browser attacks including web injections, page
grabbing, key-logging and screen shooting (which captures screenshots of the
mouse vicinity as a user types his/her password on a virtual keyboard).

Trusteer traced the Sunspot Command and Control Server (C&C) hostname to a
domain registered in Russia.

Once installed, Sunspot is started either by "rundll32.exe" via
HKCU\Software\Microsoft\Windows\CurrentVersion\Run or via
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. It uses CBT
hooking to load its DLL into the browser (Internet Explorer/Firefox).

Inside the browser it hooks several Wininet/NSPR4/user32 functions for web
injections, page grabbing and key-logging.

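A read-only check of the two autostart locations named in the post, as an added example that is not part of the original message: it lists entries that launch a DLL through rundll32.exe and reports each DLL's signature status. The `StubPath` value name is standard Active Setup behaviour rather than a detail from the post, and the helper `Get-Rundll32Target` and the user-profile heuristic are assumptions of this example.

```powershell
# Added example: enumerate the two autostart locations and flag rundll32 launches.
# Read-only; it changes nothing in the registry or on disk.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$activeKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'

function Get-Rundll32Target {
    # Hypothetical helper: returns the DLL path from a rundll32 command line, or nothing.
    param([string]$Command)
    # Handles: "C:\...\rundll32.exe" "C:\x\a.dll",Export  and  rundll32 C:\x\a.dll,Export
    if ($Command -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
}

$entries = @()

# Run key: every value under the key is a command line.
$run = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = 'Run'; Name = $name; Command = [string]$run.GetValue($name) }
    }
}

# Active Setup: each component subkey may carry a StubPath command line.
Get-ChildItem -Path $activeKey -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = $_.GetValue('StubPath')
    if ($stub) {
        $entries += [pscustomobject]@{ Source = 'ActiveSetup'; Name = $_.PSChildName; Command = [string]$stub }
    }
}

# Keep only rundll32 launches and describe the DLL each one loads.
$entries | ForEach-Object {
    $dll = Get-Rundll32Target $_.Command
    if (-not $dll) { return }
    # Bare names such as shell32.dll are resolved by the DLL search path and are not checked here.
    $sig = if (Test-Path -LiteralPath $dll) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'NotResolved' }
    [pscustomobject]@{
        Source        = $_.Source
        Name          = $_.Name
        Dll           = $dll
        Signature     = $sig
        # Heuristic (assumption): a DLL under the user profile is writable without admin rights.
        InUserProfile = $dll.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase)
        Command       = $_.Command
    }
}
```

Entries whose DLL is unsigned or sits under the user profile are the ones to review first; legitimate software also uses rundll32 autostarts, so a hit is a lead, not a verdict.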