Update: Click here for more information on the types of systems infected.

Press release here.

We have issued an immediate security fix to thwart the newly identified spyware keylogger uncovered by Sunbelt’s Research Team. This is the keylogger that is behind the identity theft ring.

The spyware keylogger, named Srv.SSA-KeyLogger, is a backdoor program that, among other things, secretly steals data from users’s internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use html forms to collect personal information.

It is a new variant of a family of existing trojans generally known as Dumaru or Nibu. We believe Kaspersky has this described as Win32.Dumador.df, but it is doubtful if many other antispyware or antivirus applications have definitions for it (McAfee, Panda and Symantec don’t catch it, but there are a number of AV programs that do, like Kaspersky and BitDefender — and

Lavasoft may have the fix).

Update: Most AV vendors have this thing now.

As we’ve written before, this keylogger was identified as a result of one of Sunbelt’s lead spyware researcher’s earlier discovery of a massive online identity theft ring in which thousands of unsuspecting computer users’ personal data had been compromised.

In a sense, the news is not the keylogger itself–these are a dime a dozen these days. The news is that it was one of the rare times that a security company has been able to stumble onto such an extraordinary cache of compromised end-user data.

Anyway, to protect users from this harmful keylogger, new definitions are being added for both the CounterSpy and CounterSpy Enterprise antispyware products.

Updates to the consumer edition of CounterSpy are available immediately, while customers of the enterprise edition will receive the updates shortly upon completion of platform testing by Sunbelt.

Protecting yourself against this keylogger: On Thursday, Sunbelt will be offering a free detection and removal tool on its website specifically targeted at this keylogger.

As an alternative, users can immediately download the two week trial version of CounterSpy, which provides free scanning and remediation for this keylogger and a large number of other spyware threats.

More details on the Srv.SSA-KeyLogger will be posted on Sunbelt’s Research Center

Sunbelt is sharing data on the keylogger with other major security companies to insure the industry has the information necessary to react rapidly to this threat.

CounterSpy Definition Updates that have this threat signature:

CounterSpy Consumer 1.0.29 – 216
CounterSpy EnterPrise 1.5.x – 217
CounterSpy Consumer Beta 1.5.x – 217

Alex Eckelberry

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.