New versions of MSRT now available to customers

Oct 13, 2011 17:01 GMT

The latest version of the Malicious Software Removal Tool (MSRT) has been updated to tackle two new Trojan families, Win32/EyeStye and Win32/Poison, according to the Redmond company.

Microsoft has made a tradition out of kicking MSRT up a notch with each Patch Tuesday, and this month it made no exception to the rule.

Available free of charge to all Windows users, the Malicious Software Removal Tool is designed to detect and remove a specific number of malicious code samples, and EyeStye and Poison are the latest additions to its list of victims.

“EyeStye (aka 'SpyEye') is a family of Trojans that steals information, targeting authentication data used for online banking such as passwords and digital certificates,” explains a member of the MMPC team.

“The method it employs is called "form grabbing" which involves the interception of webform data submitted to the host through the client's browser. By intercepting this data, authentication information can be stolen, and web content presented to the user can be altered to the malware author's preference.”

One of the latest versions of EyeStye comes equipped to target all major browsers, including Internet Explorer, Mozilla, Chrome and Opera.

In addition to EyeStye, the software giant has also refreshed the Malicious Software Removal Tool in order to hunt for Win32/Poison.

“Win32/Poison is a family of backdoor trojans that allow unauthorized access and control of an affected machine. It attempts to hide by injecting itself into other processes,” the Redmond company notes.

This piece of malware preferentially targets Windows processes such as iexplore.exe, explorer.exe and lsass.exe.

“This malware communicates with a remote server to receive commands. It may inject itself into other running processes in an attempt to evade common firewall programs. For example, some variants of Win32/Poison start 'iexplore.exe' and inject into it. Once injected into iexplore.exe, Win32/Poison contacts a pre-defined remote server to receive commands using a specific TCP port,” Microsoft notes.

Malicious Software Removal Tool (MSRT) is available for download here.