Back in July, we covered the appearance of a sophisticated malware generator named Pinch Pro. Although not a trojan itself, Pinch Pro provided a framework for malware authors to create and design their own worms and trojans, each of which could be specifically tailored to report certain data, zombify the PC, or kill certain commands/files. Imagine something like Build-A-Bear, but designed for malware rather than fuzzy bear creation, and you've got the right idea.
Pinch became popular in Russia, which meant it also became something of a headache for IT services generally and government services in particular. In effect, the malware-builder proved a bit too popular for its own good, and ultimately attracted the attention of Russian authorities. According to Kaspersky Lab, the Russian FSB (Federal Security Service) has identified the two authors of the program, Ermishkin and Farkhutdinov, and will soon expose them to the cheery Russian legal system.
While the arrest and prosecution of the program's authors is important, it won't do much to solve the underlying problem Pinch has created. The program's source code has been released into the wild—the authors only charged for customized software and support. As such, we can expect to see more variants of the malware creator program appear in the future. Kaspersky Lab has already identified over 4,000 variations of Pinch-created Trojans.
The customizations available to a Pinch designer speak to the tool's features—with the click of a button, the designer can configure his creation to perform a number of specific tasks, including:
SPY: Allows the trojan to act as a keylogger, take screenshots, capture IE data, and search for certain files.
NET: Turns the PC into a botnet zombie, and allows for the opening of specific ports, downloads and runs files, and can turn the system into a proxy.
BD: Opens a backdoor on the infected system.
KILL: Deactivates certain services or processes.
The more serious threat, of which Pinch Pro is only a visible symptom, is the ongoing commercialization of malware. Using malware to collect system information or harvest e-mail addresses has always had some inherent value, but the creation of the infectious program itself wasn't necessarily seen as a dependable profit source. Now apps like Pinch Pro, as well as open marketplaces for malware, are bringing the business side of trojans and viruses to the fore.