Sana Security has warned of a Trojan, called “rootkit.hearse”. The Trojan is hidden by a rootkit and steals usernames and passwords from computers.


Sana Security has warned of a Trojan, called “rootkit.hearse”. The Trojan is hidden by a rootkit and steals usernames and passwords from computers.

The Trojan can survive after rebooting and does not run as a separate process. The Trojan cannot be seen by end users on their computers.

According to Sana Security, the Trojan was found while investigating a worm called Win 32.Alcra which tried to contact websites and download additional payloads. One of these websites was the installer for the rootkit and Trojan.

Once the Trojan was installed on a computer, it started to communicate with a web server in Russia and store usernames and passwords. The Trojan is not active at all times. It begins operating everytime the user browses a website that requires a username and password.

The Trojan is active since March 16, 2006.

For more information on the rootkit.hearse Trojan, click here.

 

 

 

 

Sharing is caring