Anti-virus vendor: ID theft Trojans on 1 in 100 PCs

Perhaps as many as 10 million PCs are infected with sneaky programs designed to steal sensitive financial information, anti-virus vendor Panda Security reports.

The company found that just over 1 percent of systems belonging to the 67 million people who tried out its free ActiveScan test site last year were infected with malicious software designed to help thieves steal sensitive information about victims. If 1 percent of the world's 1 billion computers are infected, that would mean that this kind of software is on 10 million PCs worldwide, the company reports.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

These identity-theft-focused Trojan programs are becoming more sophisticated and more common. Panda's detection rate jumped 800 percent between the middle of 2008 and the end of the year, according to Carlos Zevallos, a security evangelist with the security company. "The report shows a very sobering number," he said. "We don't want it to seem that it is a hopeless battle [but] all businesses innovate, and crimeware is a business."

Identity theft is a big problem. The U.S. Federal Trade Commission estimates that 9 million U.S. residents have their identities stolen each year through a variety of techniques, including dumpster diving, skimming credit card numbers at legitimate businesses, and phishing.

According to Panda, these Trojan programs are a now a serious threat too. Victims of the Trojans are usually tricked into installing the software themselves. They may think they're installing a new plug-in in order to view a video. Once the software is installed, it typically sends messages to a central command and control server

Although banking Web sites have added a lot of features over the years to prevent hackers in another country such as Russia from logging into online accounts, these banking Trojans can be really hard to stop, Zevallos said. "They essentially have complete control of your machine, so they can send a request from your machine and the Web site will not know that it is not being initiated by the user."

Trojans can take screen shots of everything on your screen and search the machine for credit-card numbers, Social Security numbers, resumes -- anything that could be used in identity theft. Today's Trojans can even download software updates from their criminal masters.

Today's most common financial Trojans go by names like Cimuz, Sinowal, and Torpig.

Most of these programs come from China or Russia, but Panda says that a growing number are coming from Brazil and Korea too.

In the past few years, hackers have become very good at cranking out new, slightly altered, variants of their malware, designed to evade anti-virus detection. So anti-virus products will detect identity theft Trojans, but not all of them. Panda said that 35 percent of the infected PCs that it spotted last year were already using up-to-date anti-virus programs.