New Gozi Trojan variant strikes again

Since April 17, more than 2,000 home users have fallen victim to the latest variant of the Gozi data-theft Trojan.

The new Gozi variant has been rated extremely dangerous: it carries new upgrades and is better able to hide itself from many antivirus security applications.

Gozi targets personal bank account information, online payment accounts and personal identification codes. Like the previous version, it can also steal information protected by SSL encryption. Any stolen information is then sent to a server located in Russia.

The new Gozi variant was discovered by security researcher Don Jackson of SecureWorks, the same person who discovered the original version of Gozi in January.

"Upgrade"

Jackson said the source code of the Gozi variant is very similar to that of the original version, but important upgrades have been added.

The first upgrade is a new packing feature that can encrypt, split, compress and even delete part of the code in order to bypass antivirus security applications. The old version of Gozi, by contrast, used a common packing and compression utility, which is relatively easy to detect.

The new Gozi variant is also equipped with new keystroke-logging capabilities and the ability to steal SSL-encrypted data. Jackson said Gozi's keylogger is activated only when a user visits a bank's website or another website over an SSL connection.

This Gozi variant also exploits a security flaw in Internet Explorer to break into users' PCs when they visit a malicious website that hosts code exploiting the flaw.

SecureWorks has now contacted the authorities for help in taking down the server in Russia that receives the data Gozi steals.

The original version of Gozi stole more than 10,000 records of confidential information belonging to more than 5,200 home and business users and organizations.

Hoang Dung
