By Dancho Danchev
Trust is vital. It’s also the cornerstone of the growth of e-commerce in general, largely thanks to the mass acceptance of a trusted model for processing financial data and personally identifiable information. For years, the acceptance and mass implementation of PKI (Public Key Infrastructure) has been a driving force that resulted in a pseudo-secure B2C, B2B, and B2G electronic marketplace, connecting the world’s economies in a 24/7/365 global ecosystem.
The bad news? Once the integrity of a host or a mobile device has been compromised, SSL, along with virtually every two-factor authentication mechanism, is bypassed by the cybercriminals who compromised the host or device, leaving users with a ‘false feeling of security’: the transport is encrypted, but the data is captured before it ever reaches the encrypted channel.
In this post, I’ll profile a recently advertised commercial ‘form grabbing’ rootkit that’s capable of ‘grabbing’ virtually any form data submitted over SSL.
Sample screenshots of the DIY form grabbing rootkit in action:
Coded in C++ according to its author, it has Ring 3 (user-mode) rootkit functionality and currently supports Windows XP/Vista/7/8. The price? $75. Potential customers don’t get a DIY builder, but a bin file that’s individually crypted per customer. Surprisingly, customers receive updates over email. Next to the built-in rootkit functionality, the ‘form grabbing’ rootkit also takes advantage of ‘Smart API hooking’, and only hooks the functions responsible for transmitting form-related data, making it extremely fast and efficient, according to its author.
Customers would have to use Liberty Reserve, Western Union, Money Gram or PayPal in order to purchase it.
We’ll definitely be keeping an eye on the future development of this commercial rootkit.