These include a packing utility that encrypts, compresses and deletes sections of the virus code in order to evade detection by signature-based anti-virus software.
The Trojan also has an integrally coded keylogging function designed to capture and steal personal data, with the ability to snatch information from encrypted SSL streams.
The keylogging feature is activated when a user on an infected computer visits an e-banking website, according to reports.
So far, information compromised by the virus includes bank and credit card account numbers, online payment account details, usernames and passwords.
Don Jackson, a researcher at SecureWorks, uncovered the Trojan variant, which sends the stolen data to a server located in Russia.
"It is bad enough that this new version of Gozi can encrypt and rotate its program code to by-pass conventional signature detection, but the fact it can switch a keylogging function on and off when the infected PC reaches an e-banking web page makes it almost undetectable using conventional IT security technology," warned Geoff Sweeney, co-founder and chief technology officer of behavioural analysis software company, Tier-3.
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
