When it comes to data theft there seems to be no limit to the types of files that might be stolen if your system becomes compromised.
The latest, Troj/PixSteal-A, is designed to take all of the images, photos and even memory dumps from your hard drive.
The malware starts out by scouring your C:, D: and E: drives on Windows for any files ending in .JPG, .JPEG and .DMP.
After it gathers up all of the images it can find, it uploads them via FTP to an FTP server hosted in Iraq.
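The behaviour described above suggests a simple host-side correlation: one process reading many .JPG, .JPEG and .DMP files across several drives and then opening an FTP connection. The sketch below is an added example, not code from the original article or from Sophos; the event tuple layout, thresholds, process IDs, file paths and the 203.0.113.x addresses are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

TARGET_EXTS = {".jpg", ".jpeg", ".dmp"}  # extensions named in the article
FTP_PORT = 21          # FTP control channel
MIN_FILES = 5          # assumed threshold, tune per environment
WINDOW_SECONDS = 600   # assumed look-back window before the connection

# Constructed sample telemetry: (epoch_seconds, pid, kind, detail).
# The tuple layout is hypothetical, not the format of any real sensor.
SAMPLE_EVENTS = [
    (100, 4321, "file_read", r"C:\Documents and Settings\a\My Pictures\one.JPG"),
    (101, 4321, "file_read", r"C:\Documents and Settings\a\My Pictures\two.jpeg"),
    (102, 4321, "file_read", r"C:\WINDOWS\Minidump\crash1.dmp"),
    (103, 4321, "file_read", r"D:\scans\scan_001.jpg"),
    (104, 4321, "file_read", r"D:\notes\todo.txt"),        # ignored: other type
    (105, 4321, "file_read", r"E:\camera\img_0001.JPG"),
    (106, 4321, "file_read", r"E:\camera\img_0002.JPG"),
    (160, 4321, "net_connect", "203.0.113.10:21"),         # documentation IP
    (200, 777, "file_read", r"C:\photos\holiday.jpg"),     # viewer, no FTP
    (201, 777, "file_read", r"C:\photos\party.jpg"),
    (300, 888, "file_read", r"C:\site\index.txt"),         # FTP client, no images
    (310, 888, "net_connect", "203.0.113.20:21"),
]

def find_suspects(events, min_files=MIN_FILES, window=WINDOW_SECONDS):
    """Return {pid: summary} for processes that read many target files
    and then opened an outbound FTP connection within the window."""
    reads = defaultdict(list)   # pid -> [(timestamp, path)]
    suspects = {}
    for ts, pid, kind, detail in sorted(events):
        if kind == "file_read":
            path = PureWindowsPath(detail)
            if path.suffix.lower() in TARGET_EXTS:
                reads[pid].append((ts, path))
        elif kind == "net_connect":
            host, _, port = detail.rpartition(":")
            if int(port) != FTP_PORT or pid in suspects:
                continue
            recent = [p for t, p in reads[pid] if 0 <= ts - t <= window]
            if len(recent) >= min_files:
                suspects[pid] = {
                    "files": len(recent),
                    "drives": sorted({p.drive.upper() for p in recent}),
                    "dest": host,
                }
    return suspects

if __name__ == "__main__":
    for pid, info in find_suspects(SAMPLE_EVENTS).items():
        print(pid, info)
```

Only the process that both harvested the target file types and then connected to port 21 is reported; the image viewer and the ordinary FTP client in the sample are not.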
The image on the right shows some of the filenames present at the time of this writing. The ones shown here are default images included with Windows XP, but many others were found.
In a second strange link to the Iraqi server hosting the FTP site, some of the images that were purloined from victims appeared to be scanned documents written in Arabic.
This might hint at one of the motives behind image thefts. Are they looking for *wink* candid photos *wink* that they might use to extort money from the victims?
Are they looking to get scanned copies of sensitive identity documents like passports, social security numbers and driver's licenses?
Perhaps they are trolling for photos of sensitive company documents, screen captures or faxes?
The theft of memory dumps might not fit into the above scenarios, unless you consider the types of things that are currently stored on that FTP server.
One file is named "Google_Talk_1.0.0.104_121002-170904.dmp"... Your private instant messaging conversations could likely be inside of the memory space of a program like Google Talk.
If I had to make a guess, I would think the above evidence suggests it is being used for espionage, but we can't be sure.
Read more: http://nakedsecurity.sophos.com/2012/11/06/trojan-horse-designed-to-steal-your-photos/