Thursday, March 5, 2009

New Trojan Targets Day Traders

While a reported roughly 10 million PCs are infected with Conficker, the worm that spreads through the Windows Server Service vulnerability, a lesser known piece of malware is flying under the radar. A Trojan targeting day traders, now referred to by many as “Tigger.A” or simply “Tigger”, has spread to more than a quarter million Windows-based machines.

I imagine things have been pretty shaky for the average day trader as of late, but for many, simply taking the wrong position on a stock may not be the only way to realize a freefall in your trading account. This Trojan is designed specifically to target users of E-Trade, ING Direct ShareBuilder, TD Ameritrade, Scottrade, Options Xpress and Vanguard. Once the victim's PC is compromised, the Trojan can steal passwords, take screenshots, log keystrokes and even steal web cookies (a stolen session cookie can let an attacker ride an already authenticated session without ever needing the password). Its data-gathering capabilities are matched by an equally sophisticated ability to conceal its presence.
This Trojan exploits a previously patched privilege escalation flaw that lets it run with “administrator” rights rather than those of the logged-in user, so any permission limits placed on a standard user account are ineffective: Tigger simply steps over that protection. Running as a limited user is therefore only a speed bump on a machine that has not applied the patch. Tigger can also delete competing malicious code (a feature far more common in spamming malware) and disable multiple security programs, including Windows Defender, Outpost, Kaspersky and Windows Firewall.
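The two behaviours above, killing the host's own defences and running with administrator rights, are the ones a trader can actually check for. The following PowerShell triage script is an added example for this post, not code from the original article or from iDefense: it lists the state and start mode of the security services Tigger is reported to disable, reads the Windows Firewall standard-profile flag from the registry, and reports whether the current session is running as an administrator. The service names for Kaspersky (`AVP`) and Outpost (`acssrv`) are assumptions and should be verified against your own installation.

```powershell
# Added host-triage example (not from the original post or from iDefense).
# Checks the defences Tigger is reported to disable and whether the session
# already has the admin rights such a trojan would otherwise have to escalate to.
# Service names for third-party products are assumptions; verify them locally.
$watched = @{
    'WinDefend'    = 'Windows Defender'
    'MpsSvc'       = 'Windows Firewall (Vista and later)'
    'SharedAccess' = 'Windows Firewall / ICS (XP)'
    'AVP'          = 'Kaspersky Anti-Virus (assumed service name)'
    'acssrv'       = 'Outpost Firewall (assumed service name)'
}

function Get-DefenceStatus {
    foreach ($name in $watched.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            $state = 'not installed'
            $start = ''
        } else {
            $state = $svc.Status
            # StartMode (Auto/Manual/Disabled) is only exposed through WMI.
            $wmi = Get-WmiObject Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
            $start = if ($wmi) { $wmi.StartMode } else { '' }
        }
        New-Object PSObject -Property @{
            Service   = $name
            Product   = $watched[$name]
            State     = $state
            StartMode = $start
        }
    }
}

# A product that is installed but Stopped, or whose start mode has become
# Disabled, matches the "disable security programs" behaviour described above.
Get-DefenceStatus | Format-Table Product, Service, State, StartMode -AutoSize

# The firewall policy flag on the standard profile (0 = firewall off). A process
# with admin rights can flip this silently, so a value of 0 you did not set is a flag.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fw = Get-ItemProperty -Path $fwKey -Name EnableFirewall -ErrorAction SilentlyContinue
if ($fw -and $fw.EnableFirewall -eq 0) {
    Write-Warning 'Windows Firewall standard profile is disabled'
}

# Is this session already elevated? If so, no escalation flaw is even needed.
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Current session is running as administrator: $isAdmin"
```

Run it from an ordinary (non-elevated) prompt first: if `$isAdmin` comes back `True` for the account you trade from, the privilege escalation flaw is irrelevant because the malware already has everything it needs. A clean result from this script is not proof the machine is uninfected, since the post also notes that Tigger hides itself with a rootkit, but a defence that has been quietly stopped or disabled is a concrete reason to take the machine offline and investigate.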
Though it is well known that the Trojan targets day traders and/or employees of the trading firms mentioned above, how it is being spread remains a mystery. While we might not know where they are getting it, we may know who they are getting it from. According to security firm iDefense, “Tigger uses a special key code to extract its rootkit on host systems, a lengthy key that is almost identical to the key used by the domain name generation feature built into the Srizbi botnet”.
