A new Trojan, identified by Webroot Software, Inc. as “Rebery”, reveals some remarkable capabilities. It is distributed via a drive-by download from a server hosted by Pilosoft, which has in the past been implicated in hosting the nefarious Cool Web Search. Once installed, it captures personal information that is entered into web forms.
Screenshots from Webroot’s investigation reveal how the captured data is recorded along with the form field information. Names, passwords, Social Security numbers, credit card numbers and addresses are all there. Here is a screenshot of the actual data:
And here is a screenshot of the directory that demonstrates how the server catalogs the captured data by country. Very nice.
The latest count indicates that the server now harbors the data captured from over 10,000 machines. Shutting down that server would be a good idea. The FTP site that contains the data is evidently still up at the time of this posting.