Russian Trojan targets bank account
SecureWorks warned a Russian criminal organization is using the Gozi trojan to steal personal information by exploiting an Internet Explorer vulnerability.
SecureWorks warned a Russian criminal organization is using the Gozi trojan to steal personal information by exploiting an Internet Explorer vulnerability.
According to a recent report, the trojan has been specifically designed to bypass banks' protection systems and has stolen information about 10,000 records.
A spokesman for SecureWorks, the first security firm that discovered Gozi said that in its code there are components that trick the account validation system used by banks. SecureWorks calls on the financial community to be alert to the next attacks.
Analysts from SecureWorks said Gozi started operations on December 13, 2006. It was only discovered 50 days later, when it stole about 10,000 records, with personal information of about 5,200 people and about 2,000 social security cards.
' Interestingly, many banks that have customers attacked have a user identity system .' The representative of SecureWorks said via e-mail: ' However, the information that Gozi collected allows people to pass through the security system quite easily '. Stolen information includes account numbers and passwords of users at the world's leading banks, money transfer services and retailers. In addition, hackers also obtained login information of employees to bypass law applications. These data were sold by Russian hackers for about $ 2 million.
Don Jackson, a specialist at SecureWorks, said many home computers are infected when users visit online gaming and entertainment forums.
SecureWorks said it had informed the US authorities in February, and is continuing to support the investigation.
Mr. Jackson confirmed that the mother server dispersed Gozi is located in Russia, belonging to a record business network 'not very clean' and is considered the gathering point of those who distribute trojans, spyware, phishing tools, . Places. Only selling stolen data has been deleted but the server is still active and continues to receive new data from Gozi.
Hoang Minh
You should read it
- New variant Gozi Trojan raged again
- What you need to know about an information security analyst
- XML and information on demand
- Information security test has the answer P3
- Things to know about a CIO (CIO)
- How to improve information security for schools
- Vietnam reached the top 10 countries with the most leaked Facebook information in the world
- Things to know about an information system security manager
- Information security test?
- 4 types of 'noise' information should be ignored
- Learn about information security engineers
- 10 Tips for securing your personal information on the internet
Maybe you are interested
What is Great Discover Virus? How to remove Great Discover virus Troll friends by creating a 'fake' virus on Notepad Steps to remove temporary files stored on Kaspersky Instructions for changing language interface on Kaspersky Lab security programs How to kill Net-Worm.Win32.Kido virus How to scan viruses on Windows with Process Explorer