June 07, 2006

New Variant of Briz Trojan Reported

PandaLabs has detected a data theft operation built on a new variant of the Briz Trojan, Briz.I. According to data PandaLabs obtained from the web page the attackers used to control the network, some 2,700 computers in more than 120 countries were infected.

The creator (or creators) of this newly uncovered network have been distributing Briz.I from a number of web pages, mostly ones hosting illegal or pornographic content. PandaLabs is working with other security companies to identify and shut down each of the websites tied to this network and stop the threat from spreading.

The emergence of Briz.I may be a consequence of the scheme for creating and selling customised versions of Briz that PandaLabs recently uncovered. According to Luis Corrons, director of PandaLabs:

It is possible that the creator of the original Trojan has decided to profit directly using the same Trojans that were sold before; alternatively, Briz.I could be a new version of one of the examples that was sold while the previous scam was still in operation.

Briz.I installs itself on the victim's system under the name "iexplore.exe", masquerading as the Internet Explorer process. Once on the system, it downloads a component that reports information about the infected computer (including its IP address and country) to the attacker's website. Another component hooks into Internet Explorer and captures everything users type into online forms, such as e-mail passwords or login details for online banking. The malware also lets the attacker use the infected computer as a proxy for connecting to other sites, masking the attacker's own identity, and gives the attacker remote access to files on the local disk.

Briz.I is specifically designed to go unnoticed by both users and security companies. It covers its tracks by removing each component once that component has done its job. It also modifies the Windows "hosts" file so that the web pages of security companies no longer resolve for the user, and it disables the Windows firewall.
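The two host-level artefacts this post describes, a process named iexplore.exe running from somewhere other than the Internet Explorer folder and a rewritten hosts file, are exactly what a responder checks on a suspect machine. The following Python is an added example written for this page, not PandaLabs' analysis or any tool of theirs; the vendor watch list, the expected Internet Explorer install directories, and the sample hosts file and process list are constructed assumptions, not indicators taken from the report.

```python
"""Detection heuristics for two Briz.I behaviours: security-vendor domains
pinned in the Windows hosts file, and iexplore.exe running from an
unexpected folder. Added example; the watch list, expected paths and
sample data below are constructed assumptions, not facts from the report.
"""
from __future__ import annotations

import ipaddress
import ntpath
from dataclasses import dataclass

# Assumption: domains a defender would never expect to find in hosts.
WATCHED_DOMAINS = (
    "pandasecurity.com", "pandasoftware.com", "symantec.com", "mcafee.com",
    "kaspersky.com", "sophos.com", "trendmicro.com", "windowsupdate.com",
)

# Addresses that silently black-hole a name rather than redirect it.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass(frozen=True)
class HostsFinding:
    line_no: int
    address: str
    hostname: str
    kind: str  # "sinkhole" (loopback/null) or "redirect" (some other host)


def parse_hosts(text: str) -> list[tuple[int, str, list[str]]]:
    """Return (line_no, address, [hostnames]) for each active hosts entry.

    Handles tabs, trailing '#' comments and several names per line; skips
    blank lines, comment-only lines and lines whose first field is not an
    IPv4/IPv6 address.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        entries.append((n, addr, [h.lower().rstrip(".") for h in fields[1:]]))
    return entries


def _is_watched(host: str) -> bool:
    # Suffix match so update.vendor.com is caught by "vendor.com".
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def suspicious_hosts_entries(text: str) -> list[HostsFinding]:
    """Flag every hosts entry that pins a watched vendor domain anywhere."""
    findings = []
    for n, addr, hosts in parse_hosts(text):
        for h in hosts:
            if _is_watched(h):
                kind = "sinkhole" if addr in SINKHOLE_ADDRS else "redirect"
                findings.append(HostsFinding(n, addr, h, kind))
    return findings


# Assumption: the only folders a genuine iexplore.exe should run from.
EXPECTED_IE_DIRS = (
    r"c:\program files\internet explorer",
    r"c:\program files (x86)\internet explorer",
)


def masquerading_iexplore(processes) -> list[str]:
    """Return image paths of iexplore.exe processes outside the IE folders.

    `processes` is an iterable of (image_name, full_image_path) pairs, as a
    process-listing tool would report them.
    """
    hits = []
    for name, path in processes:
        if name.lower() != "iexplore.exe":
            continue
        if ntpath.dirname(path).lower() not in EXPECTED_IE_DIRS:
            hits.append(path)
    return hits


# Constructed sample data (not from an infected machine).
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1       localhost
127.0.0.1\twww.pandasoftware.com   # entry injected by malware
0.0.0.0         liveupdate.symantec.com download.mcafee.com
10.0.0.5        update.kaspersky.com
192.168.1.20    intranet.example.local
"""

SAMPLE_PROCESSES = [
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("iexplore.exe", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("iexplore.exe", r"C:\Documents and Settings\user\Application Data\iexplore.exe"),
]

if __name__ == "__main__":
    for f in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {f.line_no}: {f.hostname} -> {f.address} ({f.kind})")
    for p in masquerading_iexplore(SAMPLE_PROCESSES):
        print(f"iexplore.exe running from unexpected path: {p}")
```

On a live system you would feed `suspicious_hosts_entries` the contents of `%SystemRoot%\System32\drivers\etc\hosts` and `masquerading_iexplore` the output of a process lister; the "redirect" kind is worth treating as the more serious finding, since a vendor domain pointed at a remote address can be used to serve a fake page rather than merely blocking updates.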

Posted by Jon Erickson at 11:17 AM