New Version of Gozi Trojan, More Stealthy
A long-known Russian Trojan horse program dubbed Gozi has been circulating in a new and more treacherous form since April 17, 2007, and has so far pilfered personal data belonging to 2,000 home users around the world, Computerworld reported on May 19, 2007. The stolen information consisted of usernames and passwords; bank and credit card account numbers; Social Security numbers; and online payment account numbers.
Don Jackson, a security researcher at Atlanta-based SecureWorks Inc. who detected the first Gozi Trojan in January 2007, also discovered its latest variant, Computerworld reported on May 21, 2007.
According to Jackson, the purpose of the new Gozi code is quite similar to that of the first version, but it has two fundamental enhancements. One is that it uses a new, previously unseen "packer". It encrypts, hacks, condenses and also deletes sections of the Trojan program to get around the usual signature-based anti-virus applications. In contrast, the earlier Gozi Trojan used a well-known packer called 'Upack', which made it easier to catch. The new Gozi variant can also log keystrokes to steal data, in addition to stealing information from SSL (Secure Sockets Layer) streams.
The stolen data was sent to a server with a professional front end that let users access individual accounts, view indexed data and obtain answers to queries based on URL and form parameters.
SecureWorks has contacted many affected companies. It is also working with law enforcement, in addition to other related channels, and notifying the remaining affected entities. Jackson stated this while assessing the Trojan program, as published by SecurityFocus in the third week of March 2007.
The analysis of the Trojan horse further revealed that Gozi transmitted all the stolen information to St. Petersburg, where miscreants sold it to many unknown people on a subscription basis.
Prior to its discovery, the first Gozi Trojan stole 10,000 records, including confidential data of nearly 5,200 home users, companies and organizations, government bodies and law enforcement agencies.
» SPAMfighter News - 25-05-2007