Press Releases

Browse our press release archive

07 Jun 2005

The lion sings tonight as Trojan horse steals passwords, Sophos reports

The image which accompanies the LdPinch-BD Trojan horse
The Trojan horse is accompanied by an animated GIF of a singing lion. Although the image carries a copyright message from 123Greetings.com, the Trojan horse has no connection with the company.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have warned users about a Trojan horse which tries to steal confidential passwords and other data from infected computers. Bizarrely, the Trojan horse is accompanied by an animated picture of a lion wishing a happy birthday as it steals information from unsuspecting users.

Innocent computer users are being tempted to download the Troj/LdPinch-BD Trojan horse after a download link to the file was included in a spam campaign. The Trojan horse is designed to steal sensitive information, including passwords, from various applications. Information stolen can include:

  • computer details (OS version, memory, CPU etc.)
  • available drives (drive letter, type and free space)
  • hostname and IP address
  • Windows folder volume information
  • Passwords and confidential information from 'Protected Storage'
  • POP3 and IMAP server information, usernames and passwords
  • FTP usernames and passwords
  • RAS dial-up settings

Information stolen from infected computers is sent to a remote website, and the Trojan horse attempts to download further malicious code. However, at the time of writing, it appears the Trojan is not successfully downloading further code.

"This Trojan horse is designed to hand over confidential data from your PC straight into the hands of the hackers," said Graham Cluley, senior technology consultant for Sophos. "Anyone venturing into the jungle of the internet needs to be properly defended against attack with up-to-date anti-virus software, firewalls and security patches."

Sophos experts believe that the Troj/LdPinch-BD Trojan horse is further evidence of a growing trend of more malware spying on innocent home computer owners and poorly-protected businesses.

"More criminals are writing spyware and viruses than ever before. They are becoming more aggressive in their attempts to find new computers to infect and control, with the objective of stealing money and resources from the unprotected," continued Cluley. "If you attach a new, unpatched and unprotected computer to the internet then it can easily be under the control of hackers within a matter of minutes."

Sophos users were automatically protected against the LdPinch-BD Trojan horse earlier today. Sophos recommends companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktop and servers with automatically updated protection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.