Password recovery made too easy

A senior malware analyst has slammed the availability of a 'password recovery' utility from Freehostia, noting that the software actually uses network admin utilities to take credentials from the users' PC.

According to Cyren's Rommel Ramos, the code is distributed as an email attachment, posing as a PDF document with a fake file name and icon.

"It seems like a usual executable malware or botnet client being spammed that does its thing when executed, but after looking into it further, I find it very interesting how simply it was written and how it uses some network administration tools to effectively steal users sensitive info from its computer," he says in his analysis of the software.

What is interesting about the software - and its raison d'être - is that, unlike Elcomsoft's password recovery applications, the Freehostia application is designed with one purpose in mind - the theft of user credentials.

Elcomsoft is a privately owned software company headquartered in Moscow; since the company was created in 1990, it has been working on computer security programs, with the main focus on password and system recovery software.

In July of 2001, Dmitry Sklyarov, a Russian citizen employed by Elcomsoft - who was visiting the US to attend the DefCon show - was arrested and jailed for allegedly violating the Digital Millennium Copyright Act (DMCA) after he coded the firm's Advanced eBook Processor software. By the end of 2002, Sklyarov and his employers were found not guilty under the DMCA.

Since then, Elcomsoft's password recovery software has become the de facto 'password recovery' application of its type, raising the profile of this type of utility and creating expectations amongst Windows and Mac users.