These include a packing utility that encrypts, compresses and deletes sections of the virus code in order to evade detection by signature-based anti-virus software.
The Trojan also has an integrally coded keylogging function designed to capture and steal personal data, with the ability to snatch information from encrypted SSL streams.
The keylogging feature is activated when a user on an infected computer visits an e-banking website, according to reports.
So far, information compromised by the virus includes bank and credit card account numbers, online payment account details, usernames and passwords.
Don Jackson, a researcher at SecureWorks, uncovered the Trojan variant, which sends the stolen data to a server located in Russia.
"It is bad enough that this new version of Gozi can encrypt and rotate its program code to by-pass conventional signature detection, but the fact it can switch a keylogging function on and off when the infected PC reaches an e-banking web page makes it almost undetectable using conventional IT security technology," warned Geoff Sweeney, co-founder and chief technology officer of behavioural analysis software company, Tier-3.
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
