Gozi variant contains keylogger function

By

A fresh variant of the Russian Gozi virus has attacked thousands of computers in various countries in the past month.

Gozi variant contains keylogger function
The variant is similar to the original Gozi virus, detected in January, but has two new features, including a packing utility that encrypts, compresses and deletes sections of the virus code to evade detection by signature-based anti-virus software.

The trojan also has an integrally-coded keylogging function designed to capture and steal personal data, with the ability to snatch information from encrypted SSL streams.

The keylogging feature activates when an affected user visits a financial website, according to reports.

Information compromised by the virus includes bank and credit card account numbers, online payment details, usernames and passwords.

Don Jackson, a researcher at SecureWorks, uncovered the trojan variant, which he said sends the stolen data to a server in Russia.

The variant first attacked victims on April 17, and has stolen the account information of 2,000 home PC users, according to SecureWorks.

The trojan is believed to have stolen $2 million of financial and personal information since researchers discovered it in February, a SecureWorks spokeswoman said Friday.

Anti-virus vendors will have considerable trouble detecting the malware because of its keylogging function, according to one company.

"It is bad enough that this new version of Gozi can encrypt and rotate its program code to bypass conventional signature detection, but the fact it can switch a keylogging function on and off when the infected PC reaches an e-banking webpage makes it almost undetectable using conventional IT security technology," said Geoff Sweeney, co-founder and CTO at behavioral analysis software vendor Tier-3.

Jackson discovered the worm in January after a friend received a suspicious message from a large online financial organisation. His investigation uncovered a repository of stolen information from more than 5,200 home users and 10,000 account records – including the names and password information for top global banks, retailers, government organisations and law enforcement networks.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
containsfunctiongozikeyloggersecurityvariant

Sponsored Whitepapers

Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?