Some of you have encouraged me to post my ONLINE newspaper column here as well, and this one is pretty important because of the crimeware that you might accidentally expose yourself to:
COMPLEX MALWARE SYSTEM
UNCOVERED DESPITE DESIGN
PandaLabs announced on Friday, February 24, the discovery of a malicious new computer Trojan system custom designed to spy and steal important personal data while evading discovery by other antivirus solutions.
Named Trj/Briz.A, this new Trojan stands out because of how it specializes in stealing bank details and data from web forms that are otherwise considered secure. Recording what the affected user is typing, this is a made-to-order Trojan designed to avoid detection by different antivirus solutions and is being sold to criminal hackers for $990.
The author of this new malicious code is so confident that he boldly guarantees on his website that if the Trojan is detected by an antivirus solution, it will be changed to another undetectable code.
Patrick Hinojosa, CTO of Panda Software USA, explained to me that other leading antivirus software is unable to discover and quickly deal with new Internet threats until they are defined and their clients’ computers download new antivirus updates with appropriate signatures.
“Due to Panda Software's TruPrevent Technologies our security software is able to detect new unknown threats such as Trj/Briz.A without signature files and before we have even seen the malicious code. Most other major anti-virus software cannot detect new threats such as this one without first having a sample sent to their labs,” he told me.
This crimeware’s code creation system, checked daily by its author, gives hackers the option to generate a Trojan that supposedly cannot be detected by any antivirus protection. Yet, in spite of this complexity, TruPrevent Technologies incorporated in Panda Software’s solutions have detected this code without needing to be able to identify it first.
This Trojan also makes detection and disinfection difficult by modifying the hosts file to prevent access to antivirus websites.
In addition to the code, cyber-crooks who buy this crimeware also receive a complex system for controlling the infection caused by the custom Trojan, allowing them to get a list containing a large quantity of data from the infected computers. The exposed data includes IP addresses, passwords and even the physical location of computers. This gives cyber-crooks incredible control of their malicious activity.
PandaLabs is now actively working with other companies to analyze and close all the sites involved with this Trojan.
Caused by a file called “iexplore.exe,” the Trj/Briz.A infection passes itself off as Internet Explorer. But, when run, it downloads different files that stop and deactivate Windows Security Center services and Shared Internet Access. It also collects information on programs like Outlook, Eudora and The Bat, which it sends to the attacker.
Panda calls it “the most complex example of the business network based on malware”, and it profoundly demonstrates that where “hackers used to create malicious code to simply have fun, they now have direct financial goals, designing their creations based on a criminal business model”.
At press time, a search of both the Symantec (Norton) and McAfee antivirus websites for Trj/Briz.A “produced zero results”.
-30-
Copyright © 2006 Hank Zevallos, All Rights Reserved.
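
The column notes that Trj/Briz.A edits the hosts file to cut off access to antivirus websites. The check below is an added example, not part of the original column or any Panda tool, that audits a hosts file for such entries; the watched domains and the sample file are constructed placeholders.

```python
import ipaddress

# Assumed watchlist: placeholder domains, replace with the update and support
# domains of the security products actually in use.
WATCHED_DOMAINS = ("antivirus-vendor.example", "av-updates.example")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.antivirus-vendor.example   # loopback sinkhole
0.0.0.0 download.AV-Updates.example. av-updates.example
203.0.113.7     antivirus-vendor.example
192.168.1.20    fileserver.corp.example
#127.0.0.1      commented.antivirus-vendor.example
not-an-ip       antivirus-vendor.example
"""


def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True when hostname is a watched domain or one of its subdomains."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_no, address, hostname, verdict) for each watched hostname."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid address, skip the line
        # Loopback or 0.0.0.0 makes the site unreachable; anything else sends
        # the browser or updater to a server of someone else's choosing.
        verdict = "blocked" if address.is_loopback or address.is_unspecified else "redirected"
        for hostname in fields[1:]:
            if is_watched(hostname, watched):
                findings.append((line_no, str(address), hostname, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; any finding for a security vendor's domain deserves a closer look, since a clean hosts file has no reason to list one.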