
System Infected: Trojan.Dexter Communication 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts by Infostealer.Dexter to relay possibly sensitive information to its controlling server.

Additional Information

Infostealer is a detection name used by Symantec to identify malicious software programs that gather confidential information from the compromised computer.

Infostealer is a type of Trojan horse program that has a very specific payload goal. This Trojan gathers confidential information from the computer and sends it to a predetermined location. This information can be financial, related to the compromised computer or user credentials for various web sites. Often the Trojan may steal a combination of all three types of sensitive information.

Once stolen, login details, credentials from particular web sites, passwords, financial information and other personally identifiable information can be sold on the black market. This underground hive of criminal activity is a booming, illegal, multi-billion-dollar-a-year business. The stolen information can be worth considerable sums of money depending on the details involved. For example, Symantec researchers reported in 2008 that some of the most popular items of information sold in the underground economy changed hands for the following prices:

  • Credit card information: between US$0.06 and $30 each.
  • Bank accounts: between US$10 and $1000 each, depending on the balance.
  • Email accounts: between US$0.10 and $100 each.

The most commonly used technique, keylogging, is effective at collecting much of the information that the attacker targets. For these Trojans, the goal is to collect as much data as possible; the more details about the user that end up in the hands of the remote attacker, the bigger the potential profit.

Affected

  • Windows

Response

If you believe that the signature is reported erroneously, please read the following:
Report a potential false positive to Symantec.

Before proceeding further we recommend that you run a full system scan.