Security Watch

Keeping track of patches and hacks in the IT security world.

Russian Feds Bust 'Pinch' Malware Creation Kit Authors

According to reports out of Russia, two men who allegedly built and distributed the notorious Pinch malware creation kit have been busted and could soon face prosecution.

The two men, identified as Ermishkin and Farkhutdinov, are allegedly responsible for the do-it-yourself toolkit that makes it possible to hijack e-mail, ICQ and other sensitive data for use in identity theft attacks.


The skinny, via Kaspersky Lab:

"The authors of this program, also known as Damrai and Scratch, used Pinch to build a criminal industry. Anyone can order a customized version of the Trojan, and also get 'technical support' from the authors of the program. Russian hacker forums were flooded with advertisements for this 'service'. A mass of script-kiddies clearly found the idea attractive - get a functional spy program for a mere few dollars. As a result, the Internet became flooded with Pinch modifications. Our antivirus databases currently contain more than four thousand variants. At the very lowest estimates, Pinch has caused several hundred thousand infections. It's impossible to estimate what financial losses have been caused over the years since this Trojan first saw the light of day.... Unfortunately, it doesn't mean that new variants of Pinch will disappear. Sadly, the source code of this Trojan is circulating on the Internet, and we'll certainly encounter 'remakes' of this pest, created by virus writers who have not yet been arrested."

See more on Pinch from PandaLabs and a Techmeme discussion of the bust in Russia.