Gozi variant contains keylogger function

By on
Gozi variant contains keylogger function

A fresh variant of the Russian Gozi virus has attacked thousands of computers in various countries in the past month.

The variant is similar to the original Gozi virus, detected in January, but has two new features, including a packing utility that encrypts, compresses and deletes sections of the virus code to evade detection by signature-based anti-virus software.

The trojan also has an integrally-coded keylogging function designed to capture and steal personal data, with the ability to snatch information from encrypted SSL streams.

The keylogging feature activates when an affected user visits a financial website, according to reports.

Information compromised by the virus includes bank and credit card account numbers, online payment details, usernames and passwords.

Don Jackson, a researcher at SecureWorks, uncovered the trojan variant, which he said sends the stolen data to a server in Russia.

The variant first attacked victims on April 17, and has stolen the account information of 2,000 home PC users, according to SecureWorks.

The trojan is believed to have stolen $2 million of financial and personal information since researchers discovered it in February, a SecureWorks spokeswoman said Friday.

Anti-virus vendors will have considerable trouble detecting the malware because of its keylogging function, according to one company.

"It is bad enough that this new version of Gozi can encrypt and rotate its program code to bypass conventional signature detection, but the fact it can switch a keylogging function on and off when the infected PC reaches an e-banking webpage makes it almost undetectable using conventional IT security technology," said Geoff Sweeney, co-founder and CTO at behavioral analysis software vendor Tier-3.

Jackson discovered the worm in January after a friend received a suspicious message from a large online financial organisation. His investigation uncovered a repository of stolen information from more than 5,200 home users and 10,000 account records – including the names and password information for top global banks, retailers, government organisations and law enforcement networks.
Tags:
contains function gozi keylogger security variant

Most Read Articles

Devastating flaw puts almost every wi-fi network at risk

Devastating flaw puts almost every wi-fi network at risk
Hacked Aussie Defence firm lost fighter jet, bomb, ship plans

Hacked Aussie Defence firm lost fighter jet, bomb, ship plans
NBN Co works to recover cost of network damage

NBN Co works to recover cost of network damage
Subaru key fob vulnerability lets hackers unlock cars

Subaru key fob vulnerability lets hackers unlock cars
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats

Events

Most popular tech stories

Log In

Username:
Password:
|  Forgot your password?