Demonize-T Trojan Steals Passwords & Keystrokes

By TechWeb News

Filtering firm MessageLabs said Monday it’s detected a new Trojan that’s being aggressively spammed to end-users and may install a key logger and password sniffer to hijack confidential information, such as credit-card numbers and log-in passwords.

Dubbed Demonize-T, the Trojan begins with an e-mail message bearing a variety of subject headings, including, 'the email from 2 days ago…here is my replay [sic]" and “Hey whatsup remember me?” Once it infects a system, Demonize-T opens a backdoor and begins communicating with a malicious Web site.

Since late Sunday, U.K.-based MessageLabs has intercepted more than 4,000 copies of the Demonize-T, a much higher number than for the typical Trojan, which often tally as few as 20 copies. “The new attacks appear to be far more intense,” said a MessageLabs spokesperson via e-mail.

The multistage Trojan downloads and executes a Visual Basic script from the Web site to compromise the machine and possibly load code onto the unsuspecting user’s computer.

“Early indications suggest that this is similar to previous attacks, where Trojans have been used to install key loggers and password stealers,” the MessageLabs spokesperson said.


Its starting to run round now, three AVG updates yesterday looking through the AVG server logs. Network admins get to work before all users with laptops from home get in to hammer the network. :nod:


this is why i like tpr… all the info you really need on one place, thanks guys :slight_smile:

Got a trojan from irc last night :frowning: (not tpr channel). This one installed a keystroke.dll in my teamspeak directory. AVG & spybot didn’t pick it up at all, but symantec’s on-line checker did.

Seems like a bad one. Haven’t looked at my mail for a couple of days. Think I’ll wait a while…

Thanks for the heads up Bibby. :thumbsup: