Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded internet users to be on their guard following the discovery of a spyware Trojan horse that displays pictures of a potential Russian love match while secretly stealing information.
When first run on a user's computer, the Troj/Keylog-HD Trojan horse displays a slideshow of 3 photographs of a young woman called "Victoria Stasova". Accompanying the photographs is a love heart and an AOL email address.
However, while the pictures are being displayed, the malware steals keypresses and information from the infected user's PC which could allow hackers to plunder bank accounts and commit identity theft.
Two pictures from the Trojan horse's slideshow.
"The danger is that people might think they are just looking at pictures of a Russian beauty who is on the lookout for love. But behind the scenes, information and keypresses - including usernames and passwords - are being secretly stolen from the PCs by hackers," said Graham Cluley, senior technology consultant for Sophos. "One of the ways in which malware like this could work is that computer users could find themselves being chatted up online by someone who they believe is a potential love match, and then be sent the slideshow as the virtual romance blossoms. Having found new love victims may rush to run the slideshow with their head in the clouds, and not realise their finances are being consigned to the gutter."
Although Sophos has not seen a large number of reports of the Trojan horse, it recommends that users ensure their anti-virus protection is up-to-date and they exercise caution about which programs they choose to run on their computers. Sophos has been protecting against the Keylog-HD Trojan horse since 22:26 GMT on 27 July 2006.
Sophos recommends that businesses defend their desktop and servers with automatically updated protection against viruses, spyware and spam to reduce the chances of malicious attack.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.