Hybrid SSL/keylogger gozi trojan steals personal data
New malware variant hides code from anti-virus applications and triggers keylogger when user visits banking website.
A new form of the Gozi trojan is currently spreading across the internet, infecting thousands of computers and has so far stolen the personal data of thousands.
The variant is similar to the original worm, first detected in January, but two new features of the malicious code make it more deadly than before, according to experts.
The trojan has the ability to steal data from an SSL stream and also contains an integrally-coded keylogger which is only triggered when an infected machine is used to access a banking website.
But according to a researcher at IT security company SecureWorks, the malware has now "improved" its keylogger and also sports a packing utility that hides the virus code by compressing, encrypting and deleting parts of the code to evade detection by anti-virus products.
"It is bad enough that this new version of Gozi can encrypt and rotate its program code to by-pass conventional signature detection, but the fact it can switch a keylogging function on and off when the infected PC reaches an e-banking web page makes it almost undetectable using conventional IT security technology," said Geoff Sweeney, co-founder and chief technology officer of behavioural analysis software developers Tier-3.
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of business
Free DownloadThe mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloud
Free Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystem
Free Download
