BOULDER, Colo., July 30 -- A disturbing Internet security trend is putting home PC users' identities at risk. Phishing Trojans, a kind of Internet security threat designed to steal your personal information and wreak other havoc on your PC, have been taking on new forms. In some cases, cybercriminals use them for "phishing" your log-in credentials and other sensitive information. In other cases, they're triggering phony antivirus programs to appear on your PC and trick you into giving away your credit card number in exchange for a solution you never receive.
Internet security experts at Boulder, Colorado-based Internet security service company Webroot have also identified malicious programs that leave your PC unusable after infection: Victims either cannot reboot their PCs once the data theft is complete, or their PCs crash when they attempt to remove the malware.
"In some cases, the crashes were the result of poor coding by the malware author," says Andrew Brandt, Lead Threat Research Analyst at Webroot. "But increasingly, it appears that this behavior is deliberate and occurs without warning. This unfortunate trend appears to be getting worse, leaving a raft of perplexed, angry victims unable to use their computers in the wake of an infection."
Home PC users with a taste for the more technical details of phishing Trojans will appreciate the following documentation of recent examples:
-- Zbot. Many phishing Trojans turn an infected computer into part of a botnet, a zombie army of Internet-connected computers that are controlled remotely and unbeknownst to their owners. Botnets can send spam, spread malware to other computers, engage in distributed denial-of-service attacks, serve as covert file storage areas and carry out a host of other undesirable activities. It is speculated that new variants of Zbot may deliberately disable the PC as a distraction, making it more difficult for the victim to become aware that credentials were stolen and used until it is too late.
-- Tacticlol. This phishing Trojan arrives in email inboxes disguised as either UPS shipping information or some sort of Facebook account update. It typically downloads at least one rogue antivirus program when a victim unzips the attachment and runs the file. One of the rogues used in a recent infection is called XP Defender. The rogue itself disables common browsers, Outlook Express and other Internet-enabled applications, among other things.