Netcraft: Phishing Worm Installs Trojan Without Trickery

The threat posed by phishing has ratcheted up a notch with the Korgo worm, which auto-infects unpatched Windows systems with a keylogging trojan, steals online banking information, and secretly transmits data back to the fraudsters.
The worm represents an alarming advance in phishing, as it forgoes the need to trick the end user into divulging details. Phishing trojans that monitor keystrokes are not new, but to date have required some form of response to an e-mail "bait." Korgo uses the LSASS vulnerability to auto-infect Windows systems that haven't applied the MS04-11 patch issued April 11.

Korgo's phishing activities were documented by F-Secure, which reports that the associated trojan is aggressively stealing user information from infected machines. "It does this via a keylogger which specifically collects user logins for online banks (the ones which do not use one-time passwords)," writes F-Secure's Mikko Hypponen. "It also logs everything the user types to any web form - this will collect lots of credit card numbers, passwords etc."

