Return of password stealer Trojan

With more than 2700 computers in 120 countries being infected with a new variant of the Briz Trojan, international security experts have resumed discussion on the threat, the strategies, processes and technology to deal with the challenges of the changing threat environment.

The genesis of Briz.I, a password-stealing Trojan, can be traced back to an earlier scam which offered made-to-order versions of Briz for $990. The threats posed by Briz.I are many. Simulating an Internet Explorer process under the name of "iexplore.exe", it can steal passwords and online banking details, prevent users from accessing websites belonging to certain anti-virus companies, and allow the computer to be used as a gateway to connect to other Web pages while masking the identity of the attacker.

It integrates itself into Internet Explorer and captures all information entered into online forms. It also downloads a file that sends information, including the IP address or country of the infected computer, to the attacker's website.

Trojans generally use NTFS to infect files on Windows. The virus replaces the original host file and stores the original in a different stream. As a result, the infected file's size becomes 3,628 bytes regardless of its original size.
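
A defender can hunt for the pattern this paragraph describes: a program file whose visible size is exactly 3,628 bytes and which carries an extra named NTFS stream. The PowerShell below is an added example, not taken from the article or from any vendor tool; the function name, the extension list and the excluded stream name are assumptions.

```powershell
# Added example: flag files with a 3,628-byte main stream plus an
# alternate NTFS stream. Requires PowerShell 3.0+ and an NTFS volume.

function Find-StreamCompanionSuspect {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Root,            # directory to scan
        [long] $StubSize = 3628,                          # size quoted in the article
        [string[]] $Extension = @('.exe', '.dll', '.scr', '.com'),  # assumption
        [string[]] $BenignStream = @('Zone.Identifier')   # mark-of-the-web, assumption
    )

    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Length -eq $StubSize -and $Extension -contains $_.Extension.ToLower()
        } |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the unnamed main stream; any other name is an alternate stream.
            $extra = Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object {
                    $_.Stream -ne ':$DATA' -and $BenignStream -notcontains $_.Stream
                }

            foreach ($s in $extra) {
                [pscustomobject]@{
                    Path           = $file.FullName
                    MainSize       = $file.Length
                    StreamName     = $s.Stream
                    StreamSize     = $s.Length
                    # A hidden stream larger than the visible file is consistent
                    # with the original host having been moved into the stream.
                    LargerThanMain = ($s.Length -gt $file.Length)
                    LastWriteUtc   = $file.LastWriteTimeUtc
                }
            }
        }
}

# Example run over a directory of your choosing; a hit is a lead to triage.
Find-StreamCompanionSuspect -Root 'C:\Windows\System32' |
    Sort-Object StreamSize -Descending |
    Format-Table -AutoSize
```

Size alone produces false positives, and some legitimate software uses alternate streams, so confirm any hit by hashing the stream contents and checking file signatures before acting on it.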

Briz.I surfaced following the analysis of a recently discovered Trojan, Briz-A, which revealed the existence of a complex system dedicated to creating and selling malware designed for stealing personal and confidential data.

The racket was exposed by a software company, which suggested that Briz.I could have been created and sold by the original author. Luis Corrons, director of Panda Software, pointed out in a statement on 2 June 2006 that the creator of the original Trojan might have decided to profit directly using the same trojans that were sold before. The creators have been distributing Briz.I from certain Web pages, mostly related to illegal or pornographic content. The current malware developers are zealously profit-driven and thus surreptitiously attempt to capture data and login details to commit fraud.

Software and security companies worldwide are working to identify and close down each of the websites related to this network and prevent the threat from spreading. What makes their work difficult is the camouflaging acumen of Briz.I's designers, which gives the Trojan immunity from security software.

Signature-based detection technologies have become functionally obsolete as trojans can easily intrude and punch holes in the system. Proactive technologies such as TruPrevent(TM) are designed exclusively to counter the menace, for they can detect malware without having previously identified it. However, with the changing security environment, only time can give the final verdict.


» SPAMfighter News - 15-06-2006
