StressPaint

By GoldSparrow in Trojans

StressPaint is a Trojan created to collect computer users' Facebook credentials. It is delivered to victims through corrupted email messages that claim to promote a program named 'Relieve Stress Paint,' which computer users can supposedly use to relieve stress. When the software distributed with StressPaint is opened, it displays a program window where the computer user can draw lines of different colors and sizes. This rudimentary painting program runs in the foreground while, in the background, a Trojan dropper component downloads and installs threats onto the victim's computer. This malware allows the con artists to collect information from the victim's computer, targeting credentials for the victim's Facebook account in particular.

The Main Goal of the StressPaint Attack is to Collect Passwords

StressPaint delivers several files and makes changes to the Windows Registry during its attack, which allow it to carry out its ill-minded actions. The main module of StressPaint is a file named DX.exe that runs as long as the victim's computer is turned on. The file updata.dll is used to collect data from the victim's Web browser, allowing the con artists to collect credentials for online shopping and online banking. The file RelieveStressPain.Ink loads the 'Relieve Stress Paint' program onto the victim's computer. StressPaint also injects various bad scripts into Google Chrome.

The way in which StressPaint collects the victim's data is fairly common. StressPaint monitors the infected computer's network activity, looking for interactions between the infected computer and Facebook. It also copies the Web browser data in an attempt to access the victim's data illegitimately. StressPaint works in the background and does not alert the victim to the attack. One aspect that PC security researchers have observed is that StressPaint copies data from the victim's Web browser but analyzes it in a different location to prevent anti-virus programs from detecting its presence.
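As an added illustration (not part of the original article or of any vendor tool), the Python example below triages file-access events for the behavior described above: the three file names the article lists, and Chrome credential files being read by a non-browser process or copied outside the browser profile. The pipe-delimited log format, the sample events and every path in them are constructed for this example; "Login Data" and "Cookies" are the standard Chrome profile file names.

```python
import ntpath  # Windows path rules, usable on any OS

# File names the article attributes to StressPaint (compared case-insensitively).
PAGE_ARTIFACTS = {"dx.exe", "updata.dll", "relievestresspain.ink"}
# Chrome profile files that hold saved logins and session cookies.
CHROME_STORES = {"login data", "cookies"}
CHROME_PROFILE_MARKER = "\\google\\chrome\\user data\\"

# Constructed sample events (assumed format): time|process image|action|target path
SAMPLE_LOG = r"""
10:00:01|C:\Program Files\Google\Chrome\Application\chrome.exe|read|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data
10:02:13|C:\Users\a\AppData\Local\Temp\DX.exe|read|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Cookies
10:02:14|C:\Users\a\AppData\Local\Temp\DX.exe|write|C:\Users\a\AppData\Local\Temp\x\Login Data
10:02:15|C:\Windows\explorer.exe|write|C:\Users\a\Desktop\notes.txt
10:03:40|C:\Windows\System32\rundll32.exe|read|C:\Users\a\AppData\Local\Temp\updata.dll
"""

def parse(log):
    """Yield (time, process, action, path) tuples from pipe-delimited lines."""
    for line in log.strip().splitlines():
        fields = line.split("|")
        if len(fields) == 4:  # skip malformed lines
            yield tuple(f.strip() for f in fields)

def triage(log):
    """Return a list of (time, reason) findings for the given log text."""
    findings = []
    for time, process, action, path in parse(log):
        proc_name = ntpath.basename(process).lower()
        target = ntpath.basename(path).lower()
        in_profile = CHROME_PROFILE_MARKER in path.lower()
        # Rule 1: a process image or target file carries a name from the article.
        if proc_name in PAGE_ARTIFACTS or target in PAGE_ARTIFACTS:
            findings.append((time, "artifact-name"))
        # Rule 2: Chrome credential stores touched by something other than Chrome,
        # or a file with a store's name appearing outside the Chrome profile.
        if target in CHROME_STORES:
            if in_profile and proc_name != "chrome.exe":
                findings.append((time, "store-read-by-non-browser"))
            elif not in_profile:
                findings.append((time, "store-copy-outside-profile"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

The second rule does not depend on the file names, so it still fires if the malware's files are renamed; legitimate backup or sync tools that read the profile will need an allowlist.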

How Your Machine will be Affected by StressPaint

One of the reasons why StressPaint targets Facebook accounts specifically is that many computer users have payment methods integrated with Facebook, which may include PayPal accounts, bank accounts and credit cards. The victims' profile pages can also be hijacked to reach new victims of the attack. Because of this, if you have been exposed to the StressPaint tactic, you should check your Facebook security settings and change your passwords. It is especially necessary to carry out a complete scan of your computer with a strong, fully updated anti-malware application that can detect and remove the StressPaint Trojan.

Preventing Attacks Like StressPaint

Since StressPaint is distributed using an email tactic, it is important to take steps to prevent spam emails and unwanted email messages from reaching your computer. StressPaint may have reached tens of thousands of victims in its attack. The StressPaint attack does not seem to be particularly sophisticated, and it may have been created by amateurs following ready-made scripts to create their threats. However, the ability to infect so many computers is quite advanced and points to a sophisticated distribution network and techniques. Fortunately, StressPaint is not particularly unsafe. Computer users who follow normal online safety measures and limit their exposure to possibly unsafe sites or content online can prevent attacks like StressPaint. Monitoring online behavior carefully and learning to spot obvious email tactics and unsafe advertising, coupled with a strong, fully up-to-date anti-malware program and pertinent Facebook and online account security measures, can help computer users prevent attacks like StressPaint and similar malware that may try to hijack their online accounts.
