Computers Hit By Briz.R Trojan
Briz.R is a very dangerous Trojan designed to give cyber-criminals complete access to infected computers. It redirects users to fake pages designed to steal confidential data. The origin of Briz.R is linked to the scheme of creating and selling custom-made variants of Briz, which were detected and disassembled some time back by the company.
Luis Corrons, Director of PandaLabs, stated that after inspecting the code of the new Trojan, they are sure that the author of the first Briz Trojan created it. It appears that because the business of tailor-made Trojans could not take off, the author has made up his mind to use them for financial gain.
The Briz.R attack starts with the installation of a file named iexplore.exe, which is designed to detect whether the computer has an Internet connection. If it does, the file ieschedule.exe is downloaded; it is used to store parameters linked to the Trojan, such as the port used to send stolen data.
Another component downloaded is ieserver.exe, which creates a web server on the computer. The web server redirects users to fake web pages (designed to capture personal data) whenever they try to reach certain Internet addresses, most of them linked to online financial services.
If a user enters data on these fake pages, the Trojan captures the details and transfers them to the cyber-criminals. The web server also gives complete remote control over the machine through the installation of an application programmed in PHP, known as phpRemoteView. Briz.R modifies the system hosts file to block access to security-related web pages.
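An added example, not part of the original article or any vendor's tooling: a minimal Python audit of a hosts file for the kind of tampering described above. It assumes blocked sites are pointed at a loopback or unspecified address (the article does not say how access is blocked) and goes slightly beyond the article by also flagging watched domains pinned to any fixed address; the sample file, domain names and watch list are constructed placeholders.

```python
import ipaddress

# Constructed sample of a tampered hosts file; every name is a placeholder.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example
0.0.0.0         www.av-vendor.example scan.av-vendor.example
203.0.113.7     login.bank.example
10.0.0.5        fileserver.corp.example
"""

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text, watch_suffixes=()):
    """Return (lineno, address, hostname, reason) for each suspicious entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, fields[0], "", "unparseable address"))
            continue
        for name in fields[1:]:  # one line may carry several aliases
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                # Assumed blocking method: remote name forced to this machine.
                findings.append((lineno, str(addr), host, "points to local machine"))
            elif any(host == s or host.endswith("." + s) for s in watch_suffixes):
                # Hypothetical watch list: sensitive domains should come from DNS.
                findings.append((lineno, str(addr), host, "watched domain pinned"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watch_suffixes=("bank.example",)):
        print(finding)
```

On Windows the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`; entries added deliberately by an administrator will also be reported and need to be reviewed by hand.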
Malicious codes like Briz.R have increased significantly. They are developed to go unnoticed by users and security firms alike, so security firms are unable to find a solution for the problem, as they are not aware of its existence.
The issue needs to be dealt with through technological solutions. Conventional antivirus products are no longer sufficient. They must be combined with proactive measures that are able to detect the existence of malware and need no updates.
SPAMfighter News - 24-10-2006