PandaLabs has detected a new variant of the Briz Trojan, called Briz.X, which has already infected almost 14,000 users, stealing all types of information: bank and personal details, passwords of every kind, and even instant messaging conversations. According to PandaLabs, it is continuing to infect an average of 500 new computers per day.
Briz.X sends the information it steals to an Internet server, which PandaLabs has managed to access. This server stores all the confidential details this malware has stolen to date. The information is divided into text files occupying over 3 Gigabytes.
"Given the huge volume of data it is capable of stealing, the author of this Trojan has included a parser module (a program that extracts information from documents and prepares it for indexing and searches). This module allows the hacker to carry out searches by domain or word in order to easily find the stolen information he is most interested in," explains Luis Corrons, Technical Director of PandaLabs.
"What's more, the module includes an option that allows patterns to be defined to filter the information. The server located by PandaLabs already contained filters, such as paypal.com, ebay.de, or yahoo.com. This means that the hacker can rapidly access the stolen information related to these pages, such as user names, passwords, or bank details," adds Luis Corrons.
The Briz.X Trojan also allows cyber-criminals to gain remote access to the infected computers. Therefore, they can use them as a proxy computer to carry out illegal activities, such as transferring the stolen information or money. In this way, they ensure that their IP address does not appear anywhere, making it more difficult for the authorities to detect them.
The first variant of the Briz Trojan family detected by PandaLabs (Briz.A) was linked to an operation creating and selling made-to-measure Trojans, which was dismantled thanks to the efforts of Panda Software.
Spam messages exploiting the publicity surrounding the release of the latest instalment of the Pirates of the Caribbean film franchise are being used to trick users into installing Trojan horse malware.
The junk mails feature a message that resembles promotional material for the film, alongside links that supposedly point users towards trailers for Pirates of the Caribbean: At World's End. Prospective marks are also offered the chance to win free tickets.
Users attempting to download this trailer are, in reality, only offered the Pirabbean-A (Yar-A) Trojan.
The malware attempts to switch victims' dial-up connections onto a premium-rate number.
The Pirabbean-A Trojan uses a number of social engineering tricks in a bid to avoid detection.
When the Trojan is run, it shows an error message claiming that the clip failed to load because the user's PC lacks the necessary codecs, and points fans towards the film's official site. The tactic is an attempt to stop users from suspecting that something amiss may have happened to their machines, making it less likely that they will run an anti-virus check. To make doubly sure, the Trojan also attempts to disable anti-virus software.
The Trojan edits some Internet Explorer settings as well, adding two URLs to the user's Favorites. These maliciously constructed sites are designed to seed other forms of dialler software onto the PCs of prospective marks.
The attack is far from the first time that hackers have used interest in Hollywood's produce to punt their wares. Previous malware strains have posed as clips from Harry Potter movies or targeted fans of such favourites as Kill Bill and Star Wars.