Neil Turner's Blog

Blogging about technology and randomness since 2002

Terrakt in Australia!

No, I had no idea what that meant either. It was the subject of an email that came to me via my Scrapie webmaster address, and it encouraged me to visit the site ‘’ for more information.

The web site doesn’t look like much. To the blind eye, it’s a blank page. But if you take a look at the source code, you’ll actually see that a 1×1 pixel Java applet is loading in the background and is merrily downloading a file.

Suspicious, I went on to Google and found this page on Code Fish Spam Watch which gives details about this little critter. Turns out it uses an exploit in Microsoft’s VM for Java to install a keylogging trojan horse virus on your computer, which is designed to pick up Passport and AOL logins, plus login details of various Australian online banks and send them to a Russian email address. The coding is quite clever because the keylogger is able to hide itself from detection using DLL hooks – it won’t appear in Windows Explorer or Task Manager.

Fortunately, I don’t have Microsoft’s VM on here, preferring to use the official Sun/Javasoft JRE. And you should too. Although the specific flaw that this trojan exploits has been patched, Microsoft’s VM is now obsolete, and is missing many Java innovations, so you should almost certainly uninstall it and switch to Sun’s offering.


  1. Phishing exposed

    Thanks to Neils post on Terrakt I’ve spent some time reading the articles at Code Fish Spam Watch where they run through their analysis of phishing scams they’ve received. Some interesting, although fairly technical, reading – and pretty scary too…