2/25/2006

Malware moves up, goes commercial

Filed under: — By Aviran Mordo @ 6:02 pm

Engineers at Panda Software, while in the process of researching a new trojan, uncovered evidence this week that led them to a web site touting custom-built viruses for sale. For the low, low price of only US$990, a user gets his or her own pet trojan horse, complete with tech support. If the file is discovered—as this current model was—the designer provides a guarantee to alter it so that it may continue to avoid detection in the face of updated antivirus software.

The trojan goes by the moniker Trj/Briz.A, and scans the user’s hard drive for information that could be used for financial and identity data. It then sends that information to an attacker working behind the scenes. Additional features include the ability to gather IP addresses and in some cases, the physical location of infected computers. It can also modify the machine to prevent access to web sites devoted to antivirus products.

The file that causes the Trj/Briz.A infection is called “iexplore.exe” It uses this name to pass itself off as Internet Explorer. When it is run, it downloads different files and stops and deactivates Windows Security Center services and Shared Internet Access. It also collects information on programs like Outlook, Eudora and The Bat, which it sends to the attacker.

Source: arstechnica

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress