The criminals behind the websites offered hackers the chance to generate custom designed trojans that can foil traditional security solutions as tools of targeted attacks, i.e. attacks on specific users of specific financial institutions.
In addition, buyers would receive a system for monitoring the status of the infections caused, providing them with a large quantity of data about the infected computers: IP addresses, passwords and even the physical location of the computers.
The websites were discovered after Panda Software recently detected a new trojan, called Trj/Briz.A, which was previously unknown to security companies. The firm conducted an in-depth analysis of this trojan's code, detailed to assist in scams, leading to the trojan's termination. Given the "seriousness and sophistication of the attack," Panda contacted RSA Cyota's 24/7 Anti-Fraud Command Center, which helped to disable the web pages selling malware by contacting the ISPs hosting the site and identifying them as a source of these illicit trojan services.
Due to this combined effort, three websites selling trojans were shut down by the ISPs hosting them, as well as two others on which hackers found information about infections their malware cause. Luis Corrons, director of PandaLabs: "The collaboration between RSA Security and Panda Software has been key to rapidly dismantling these dangerous websites for creating and selling targeted malware. Thanks to this, it has been possible to make the necessary changes to make all sites involved inaccessible."
"In the rapidly evolving world of online fraud, it is critical to have industry collaboration and knowledge sharing such as Panda Software and RSA Security demonstrated in this complex and sophisticated case," added Chris Young, senior vice president and general manager of RSA Cyota Consumer Solutions. "We are determined to keep our global financial institution customers one step ahead of the fraudsters; strategic partnerships and collaboration such as this expands our reach and enhances our ability to respond rapidly and decisively as new attacks emerge."