Pinch authors pinched

Today Nikolay Patrushev, head of the Federal Security Services, announced the results of the measures taken to combat cyber crime in 2007.

Among other information, it was announced that it had been established who was the author of the notorious Pinch Trojan – two Russian virus writers called Ermishkin and Farkhutdinov. The investigation will soon be completed and taken to court.

It’s well known that Pinch is one of the most popular Trojan programs among Russian malicious users. The Trojan makes it possible to steal email, ICQ and other account data, including credentials for network services and applications. The authors of this program, also known as Damrai and Scratch, used Pinch to build a criminal industry.

Anyone who wants to can order a customized version of the Trojan, and also get ‘technical support’ from the authors of the program. Russian hacker forums were flooded with advertisements for this ‘service’.

A mass of script-kiddies clearly found the idea attractive: a functional spy program for just a few dollars. As a result, the Internet became flooded with Pinch modifications. Our antivirus databases currently contain more than four thousand variants.

At the very lowest estimates, Pinch has caused several hundred thousand infections. It’s impossible to estimate what financial losses have been caused over the years since this Trojan first saw the light of day.

Patrushev’s announcement today clearly shows that the security services are targeting active virus writing groups which participate in cyber crime, and that the steps being taken are meeting with success.

The arrest of the Pinch authors is on a level with the arrests of other well known virus writers such as the author of NetSky and Sasser, and the authors of the Chernobyl and Melissa viruses.

Unfortunately, it doesn’t mean that new variants of Pinch will disappear. Sadly, the source code of this Trojan is circulating on the Internet, and we’ll certainly encounter ‘remakes’ of this pest, created by virus writers who have not yet been arrested.
