‘Briz.X’ Is a Trojan That Steals Data From Users’ Computers

PandaLabs has detected Briz.X, a new version of the Briz Trojan. It has infected nearly 14,000 users, capturing all kinds of sensitive data such as bank and personal details, passwords and instant messaging conversations.

PandaLabs has said that the Trojan was infecting 500 new PCs on average each day. Briz.X helped online criminals gain remote access to the compromised computers. They could then use those PCs as proxies to conduct illegal activities, such as sending the stolen data elsewhere, where they used the information to make unauthorized money withdrawals. Working through the infected machines keeps the criminals' own IP addresses from appearing anywhere, so that authorities cannot readily detect them.

Briz.X has been transferring the stolen information to a remote server, which PandaLabs has managed to reach. The server acts as the 'storefront' for all the confidential data this malware sends. The information is stored in different text files of 3 gigabytes each.

With this module, the hacker can run searches by domain or word, which makes it easier to find the stolen data he is interested in, according to Luis Corrons, technical director of PandaLabs, in a statement that HelpNetSecurity published on May 24, 2007.

In Q1 2007, 66% of all new trojans were designed for monetary gain. In another statement, Luis Corrons said that trojans allow their creators to earn financial profits in various ways, ranging from stealing bank account passwords to changing the DNS of a server to divert users to fraudulent websites. Since trojans are extremely flexible in carrying out such crimes, their use is most prevalent. HelpNetSecurity reported this in the second week of May 2007.

PandaLabs also detected a Cimuz variant in the second week of May 2007. Known as Cimuz.FH, the Trojan plants a DLL in the web browser and registers it as a BHO (Browser Helper Object) in the registry. It then updates itself over the Internet without the user noticing. Cimuz.FH also captures IP addresses and user credentials from users' PCs. The Trojan creates a file where it stores the stolen data and sends it to its author over an HTTP connection to a server.
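
A defender-side check for the BHO persistence described above, as an added example that is not part of the original article: it parses a `reg export` text dump, lists each registered Browser Helper Object, and flags those whose DLL is missing or sits outside an assumed allow-list of install directories. The sample export, the CLSIDs, the paths and the `TRUSTED_DIRS` list are constructed for illustration.

```python
import re

# Registry locations for Internet Explorer BHOs and their COM class registration.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{}\InprocServer32"
# Assumed allow-list of install locations; tune it for your environment.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample in `reg export` text format (CLSIDs and paths are made up).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]
@="Vendor Toolbar Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33333333-3333-3333-3333-333333333333}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\Vendor\\helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\example.dll"
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values; "" is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
    return keys

def audit_bhos(text):
    """Return (clsid, dll_path, reason) for every BHO that deserves a closer look."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}  # registry paths are case-insensitive
    prefix = BHO_KEY.lower() + "\\"
    findings = []
    for key in keys:
        if not key.startswith(prefix):
            continue
        clsid = key[len(prefix):]
        dll = keys.get(CLSID_KEY.lower().format(clsid), {}).get("", "")
        if not dll:
            findings.append((clsid, dll, "no InprocServer32 DLL registered"))
        elif not dll.lower().startswith(TRUSTED_DIRS):
            findings.append((clsid, dll, "DLL outside trusted directories"))
    return findings
```

Real `reg export` files are UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text in. A DLL location is only a triage signal, and 32-bit BHOs are registered under the `WOW6432Node` branch, which needs its own export.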


» SPAMfighter News - 6/2/2007
