Security Researchers Revealed Cache of Data Thief

SecureWorks, a security firm, announced that they have revealed an earlier unknown Trojan and its related data cache that showed rising advancements among data pilferage, as reported by securityfocus on March 20, 2007.

Gozi, a Russian Trojan program, remained concealed for over 50 days. The program has thieved secret information worth $2 million on the black market. Over 10,000 private records associated with around 5,200 US users were hijacked. The stolen data included around 2,000 social security numbers, alongwith user names, account numbers, and passwords for e-commerce Websites and bank accounts, as reported by techworld on March 21, 2007.

The thieved data consist of employee sign-in details to application from over 300 government organizations and companies, including various law enforcement bodies at the state and federal level. Also included in the stole data were medical details of healthcare employees and patients. Their user names and passwords were pilfered through their home PCs.

SecureWorks had spoke to many of the affected companies and is working via various methods, including law enforcement, to inform the remaining sufferers, stated Don Jackson, security researcher, SecureWorks, in his analysis of Trojan as reported by securityfocus on March 20, 2007.

Gozi sent the stolen data to St. Petersburg. The information was sold there on subscription basis to an unknown number of people. All this came into light while studying the characteristic of Gozi.

The analysis of the Trojan program revealed that it was designed to pilfer information from encrypted SSL (Secure Sockets Layer) streams and dispatch it to Russia-based server. The Trojan horse took advantage of flaw in iFrame tags of Internet Explorer of Microsoft Corporation. Basically, the buffer overflow vulnerability allows hackers to completely control the compromised computer. In the case of this program, the users exploited by the Gozi Trojan horse seem to have gone to many hosted Websites, social networking Websites, community forums, and sites of small businesses.

SecureWorks informed that the Gozi, the recent Trojan, go undetected since atleast December 13. Don Jackson revealed details of this Russian Trojan and stolen data in January '07. Jackson also said that there're atleast two more known editions of Gozi.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 3/27/2007