Infostealer

Risk Level 1: Very Low

Discovered: December 8, 1997
Updated: May 21, 2013 1:58:18 PM
Type: Trojan
Infection Length: Varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Infostealer is a detection name used by Symantec to identify malicious software programs that gather confidential information from the compromised computer.

Infostealer is a type of Trojan horse program that has a very specific payload goal. This Trojan gathers confidential information from the computer and sends it to a predetermined location. This information can be financial, related to the compromised computer, or consist of user credentials for various web sites. The Trojan often steals a combination of all three types of sensitive information.

Once stolen, login details, credentials from particular web sites, passwords, financial information and other personally identifiable information can be sold on the black market. This underground hive of criminal activity is a booming, illegal, multi-billion-dollar-a-year business. The stolen information can be worth considerable sums of money depending on the details involved. For example, in 2008 Symantec researchers reported that some of the most popular items of information sold in the underground economy changed hands for the following prices:

  • Credit card information: between US$0.06 and $30 each.
  • Bank accounts: between US$10 and $1000 each, depending on the balance.
  • Email accounts: between US$0.10 and $100 each.

The most often used technique, keylogging, is effective at collecting much of the information that is targeted by the attacker. For these Trojans, the goal is to collect as much data as possible; the more details about the user that end up in the hands of the remote attacker, the bigger the potential profit.

To see how effective keylogging is, check out Symantec's video, The Threat Factory - Keystroke Logging From the Victim and Cybercriminal's Perspective.

Antivirus Protection Dates

  • Initial Rapid Release version December 20, 2000
  • Latest Rapid Release version February 11, 2014 revision 025
  • Initial Daily Certified version December 20, 2000
  • Latest Daily Certified version February 27, 2014 revision 002
  • Initial Weekly Certified release date December 10, 1997

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Steals sensitive information from the compromised computer.
  • Releases Confidential Info: May send confidential information to the remote attacker.

Distribution

  • Distribution Level: Low
Writeup By: Angela Thigpen
