Infostealer is a detection name used by Symantec to identify malicious software programs that gather confidential information from the compromised computer.
Infostealer is a type of Trojan horse program that has a very specific payload goal. This Trojan gathers confidential information from the computer and sends it to a predetermined location. This information can be financial, related to the compromised computer, or user credentials for various web sites. Often the Trojan may steal a combination of all three types of sensitive information.
Once stolen, login details, credentials from particular web sites, passwords, financial information and other personally identifiable information can be sold on the black market. This underground hive of criminal activity is a booming, illegal, multi-billion-dollar-a-year business. The stolen information can be worth considerable sums of money depending on the details involved. For example, in 2008 Symantec researchers reported that some of the most popular items of information sold in the underground economy changed hands for the following prices:
- Credit card information: between US$0.06 and $30 each.
- Bank accounts: between US$10 and $1000 each, depending on the balance.
- Email accounts: between US$0.10 and $100 each.
The most often used technique, keylogging, is effective at collecting much of the information that is targeted by the attacker. For these Trojans, the goal is to collect as much data as possible; the more details about the user that end up in the hands of the remote attacker, the bigger the potential profit.
To see how effective keylogging is, check out Symantec's video, The Threat Factory - Keystroke Logging From the Victim and Cybercriminal's Perspective.