Tigger Trojan stealing from stock & option accounts!

Discussion in 'Backup and Security' started by taodr, Mar 4, 2009.

  1. taodr


    The Tigger Trojan: Icky, Sticky Stuff

    A relatively unknown data-stealing Trojan horse program that has claimed more than a quarter-million victims in the span of a few months aptly illustrates the sophistication of modern malware and the importance of a multi-layered approach to security.

    When analysts at Sterling, Va.-based security intelligence firm iDefense first spotted the Trojan they call "Tigger.A" in November 2008, none of the 37 anti-virus products they tested it against recognized it. A month later, only one - AntiVir - detected it.

    That virtual invisibility cloak, combined with a host of tricks designed to elude forensic malware examiners, allowed Tigger to quietly infect more than 250,000 Microsoft Windows systems, according to iDefense's read of log files recovered from one of the Web servers Tigger uses to download code.

    iDefense analyst Michael Ligh found that Tigger appears designed to target mainly customers or employees of stock and options trading firms. Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade and Scottrade.

    iDefense said the Trojan is the first known malware to exploit a specific vulnerability Microsoft patched in mid-October 2008. That flaw is what's known as a "privilege escalation" vulnerability, in that it cannot be exploited remotely, and merely allows the attacker to gain access to the almighty "administrator" account in Windows.

    That means that even if the user is running the system as I so often advise -- under a limited user account that does not have permission to make changes deep within the operating system -- the presence of this unpatched vulnerability on a Windows system would let this invader override that protection.

    While running Windows under a limited user account is a key step in keeping your system in its safest state, staying up-to-date on patches -- both fixes for the operating system and third-party software -- is still just as important. I would actually rank anti-virus a distant third protection mechanism, given how poorly most anti-virus tools seem to be faring against the latest malware families.
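    The article's point is that a limited user account only holds if local privilege-escalation bugs are patched. The following PowerShell check is an added example, not from the article or the thread: it reports whether the current session is elevated and whether a given update is present. The KB identifier is a placeholder, since the article does not name the bulletin; substitute the ID from Microsoft's advisory.

```powershell
# Added example (not from the article): check the two defences the article names.
# The hotfix ID below is a PLACEHOLDER; replace it with the real KB number
# from the October 2008 bulletin before relying on the result.
param(
    [string]$HotfixId = 'KBXXXXXX'   # placeholder, not a real identifier
)

# Is this session running with administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Get-HotFix reads Win32_QuickFixEngineering; a missing ID is a non-terminating
# error, so suppress it and treat an empty result as "not installed".
$patch = Get-HotFix -Id $HotfixId -ErrorAction SilentlyContinue

if (-not $isAdmin -and $patch) {
    $assessment = 'Limited user and patched: both layers present'
} elseif (-not $isAdmin) {
    $assessment = 'Limited user, but the patch is missing: a local privilege escalation would bypass the account restriction'
} else {
    $assessment = 'Running as administrator: the limited-user layer is absent regardless of patch state'
}

[pscustomobject]@{
    User            = $identity.Name
    RunningAsAdmin  = $isAdmin
    HotfixChecked   = $HotfixId
    HotfixInstalled = [bool]$patch
    Assessment      = $assessment
}
```

Run it from the account that is used day to day, not from an elevated prompt, or the RunningAsAdmin result describes the wrong session.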
  2. Acumen


    I just read this and was going to post. However, what I could not find is how to tell if you have an infection or how to remove it. All reports I have seen say it does not show up under conventional virus scans.

    Has anyone had any contact with this thing?
  3. The article mentions the one anti-virus software that catches it.