A new Trojan which has been reported to sniff out sensitive corporate data has recently emerged.

The Trojan.Spy.YEK registers itself as a system service through an encrypted dll and awaits instructions from a command and control type center. It then uploads the gathered information to an FTP server unknowns to the user. The software can run on all versions of Windows.

Many media organisations are reporting that this Trojan cannot be stopped, however a simple and effective security policy in place could easily thwart malicious software such as this. Most corporate users have no requirement to connect to FTP servers and a simple set of firewall rules disallowing this type of connection would be sufficient to stop this Trojan in it’s tracks.

Malicious software such as this takes advantage of poorly protected networks that do not have specific rules in place that block unnecessary traffic from computer systems.

People generally use the same password for lots of different websites which is not a very good idea.

Stanford PWDHash

PwdHash is a browser addon that transparently converts a user’s password into a domain-specific password.

What does this mean?

Say for example you login to Gmail using the password “password123″ and you also use this same password on your Facebook account. By using PWDHash the password123 is hashed with the domain, gmail.com to give the password “oDWsVkXNO1GpD”. When hashed with facebook.com it gives a completely different password, “2oHZykUiHmA3H”.

You might be wondering at this point, right how am I going to remember a password like “2oHZykUiHmA3H”. With PWDHash installed, you don’t need to remember either of the two long passwords. By hitting F2 (place the cursor in the password field and press the F2 key) and then typing “password123″ PWDHash automatically replaces what you have typed to “oDWsVkXNO1GpD” if you are using gmail.com and “oDWsVkXNO1GpD” if you are using facebook.com.

To start using PWDHash follow these simple steps:

Go here and install the add-on for Firefox or here to install the add-on for Google Chrome.

Once you have the add-on installed you can then go to the settings page of your Gmail, Facebook, Hotmail or whatever and request a password change.
When you are typing your new password make sure you press F2 before typing it, or alternatively precede it with “@@”.
Once you have entered your new password (usually twice for verification purposes) you should now be able to start using PWDHash, Just make sure to hit F2 before you type your password when logging in.

If you are using a different browser or you’re at a computer where PWDHash is not installed simply go to http://www.pwdhash.com and enter the details there. Then just copy and paste your password from the PWDHash website to the password field of where you’re trying to login.