PandaLabs has discovered Shark 2, a tool for creating Trojans that is being distributed on several Internet forums. Its creators have released several updates, so various versions are available, such as 2.1, 2.2 and 2.3.2, the latest detected by PandaLabs.
“The Trojans created with Shark 2 are designed to steal all types of confidential information, from the type of processor used by the computer to program and bank passwords. Cyber-crooks can even activate users' Web cams and watch what they are doing. This is yet another step in online crime, and implies a serious invasion of privacy,” says Jeremy Matthews, CE of Panda Security South Africa.
One of the main dangers of this program is that it allows malicious users to create all kinds of malicious code without having much programming knowledge, as it offers an interface allowing cyber-crooks simply to choose the malware characteristics they want. These characteristics include defining the server to which the malware connects and the option for configuring the code to run on every system restart, display error messages or run other files. It also lets users set specific actions for processes and services, such as blocking certain services, closing the user server, etc.
Shark 2 allows malware to be packed with UPX and configured to end its own processes when it detects debuggers (tools created to decipher malware) or VMware, making it more difficult to detect. Once the malware created has infected a computer, it connects to a previously specified server and displays an interface through which the malicious user can take numerous actions.
First, the malware shows data about the infected system: processor, RAM, antivirus installed, browser, etc. Shark 2 then allows numerous utilities to be run on the compromised computer. This way, the cyber-crook can take actions such as modifying the registry or editing the hosts file. This would let hackers, say, redirect users to phishing sites or infected pages. Similarly, Trojans created with this tool can capture screenshots, audio, and keystrokes. It is also designed to download other malicious code onto infected computers.
Shark 2 enables hackers to command malware to steal passwords (IM, email, online banks, etc.) and can obtain data such as the name and version of programs installed, open connections, active processes and services, etc.
“Malware creators would be able to obtain in-depth information about the infected computer, and so apart from stealing data such as bank details which could then be used for financial gain, they could use the computer as a proxy to hide other criminal activity on the Internet,” says Matthews.