Troj/Trackr-Gen

The Troj/Trackr-Gen Trojan has been associated with a surge of attacks against educational institutions and small to medium-sized businesses. While the attacks of the Troj/Trackr-Gen Trojan have not been widespread as of November of 2011, it is important to remain vigilant. The criminals behind the Troj/Trackr-Gen Trojan seem to target those kinds of organizations that may not have the sufficient resources to invest in expensive computer security and defense, which means that the big multinational conglomerates are probably safe from the Troj/Trackr-Gen Trojan. The Troj/Trackr-Gen Trojan targets equipment dedicated to processing credit cards. Once Troj/Trackr-Gen has infected these machines, Troj/Trackr-Gen attempts to steal any credit card information Troj/Trackr-Gen may find. According to ESG security researchers, the Troj/Trackr-Gen Trojan disguises itself as a Windows service with an executable file (with the .exe extension) named rdasrv.exe corresponding to the service of the same name. As PC security researchers identify this dangerous malware threat, the criminals behind Troj/Trackr-Gen have changed it so that Troj/Trackr-Gen will instead choose a randomly-numbered file name and service, usually beginning with the letter 'A' followed by a random number and the .exe extension.
 

Understanding the Troj/Trackr-Gen Trojan

One of the main problems with the Troj/Trackr-Gen Trojan is that Troj/Trackr-Gen can bypass many of the most typical protections by being compliant with PCI/DSS. The way Troj/Trackr-Gen works is by using simple procedures in order to search the infected computer's memory for credit card data which Troj/Trackr-Gen can then store. Examples of credit card data that the Troj/Trackr-Gen Trojan searches for include the name of the card's owner, the credit card account's number, the card's expiration date, the card's code and number, and other similar information that may prove useful towards cloning or stealing that particular card. This information is written onto a text file (with the .txt extension) with a fairly innocuous file name (usually 'data' or 'currentblock'). A Troj/Trackr-Gen Trojan infection will usually occur after the criminals behind Troj/Trackr-Gen gain access to the infected computer systems through other means, usually through the installation of a backdoor Trojan. This illicit access can be gained with the use of social engineering scams, with an external memory device, or through exploiting known security vulnerabilities in the Windows operating system or the most popular Internet browsers and operating environments (such as Java or Flash).