Pinch Trojan still bypassing anti-virus
4th Feb 2009 | 11:13
Despite the creators' arrest in 2007
A piece of malware called Pinch is creating havoc and bypassing major anti-virus software, despite the creators being arrested by the Russian police more than a year ago.
The Pinch malware creation tool allows cyber-criminals to create tailored Trojans that can hijack email, ICQ and other sensitive data.
Although the alleged creators – named as Ermishkin and Farkhutdinov – were arrested back in 2007, the code for their malware was leaked onto the net.
The creation kit is still in use, and anti-malware company Prevx has discovered that variants of the Pinch Trojan are still defeating major AV software from the likes of Symantec, McAfee, Kaspersky and AVG.
"What is really interesting here is that despite the original creators being arrested more than a year ago, their legacy lives on online," Jacques Erasmus, Prevx's director of Malware Research, told TechRadar.
"This just goes to show that even the most seemingly obsolete piece of malware needs just a few tweaks by someone with a bit of programming knowledge to completely disguise it from traditional signature-based anti-virus.
"If these people had been running a complementary piece of software which doesn't work on signatures, their credit card details, passwords and other personal data wouldn't have been in the hands of criminals."
Prevx's own data shows around 4,000 people are being affected per day by just one variant of the Trojan.
The revelation does raise questions about how anti-malware scanners cope with programs that make it easy to produce variants – with Pinch unlikely to disappear any time soon.