PandaLabs: Trojan Cimuz.EL steals passwords and data

19th April 2007

PandaLabs reports of a new trojan Cimuz.EL: the proportion of malicious code accounts 57% of all reports of malware, coming hourly in PandaLabs. It is developed for stealing all types of passwords, including passwords, which are stored on the computer, and passwords, typed by users in the Internet. Trojan is distributed gradually. First, the computer becomes infected by the part of the code, which then downloads the remaining trojan components which are performing on the computer malicious actions. After total installation, Cimuz.EL steals and stores the information of an infected computer: passwords for e-mail and other programs, data on hardware and software, IP, location, etc. This trojan is also developed for tracking internet-activity of users. For this, it embeds DLL in Internet Explorer and collects all the data that users enter in online forms (credit card numbers, passwords, etc.). All the collected information, it then periodically sends via server to its developer. As Luis Corrons, technical director of PandaLabs explains, â€œThis trojan canâ€™t extend itself, but uses many other channels of distribution: internet downloads, CD, infected memory cards, e-mail, etc.â€.