Members Login
    Remember Me  
Post Info TOPIC: UPDATE The Briz.X Trojan and now new "Pirates Trojan"

Top Poster

Status: Offline
Posts: 3757
UPDATE The Briz.X Trojan and now new "Pirates Trojan"

The Briz.X Trojan has already stolen the confidential details of 14,000 users


Posted on 24.05.2007

PandaLabs has detected a new variant of the Briz Trojan, called Briz.X, which has already infected almost 14,000 users, stealing all types of information, such as bank and personal details, all types of passwords and even instant messaging conversations, etc. According to PandaLabs, it is continuing to infect an average 500 new computers per day.

Briz.X sends the information it steals to an Internet server, which PandaLabs has managed to access. This server stores all the confidential details this malware has stolen to date. This information is divided into texts files occupying over 3 Gigabytes.

Given the huge volume of data it is capable of stealing, the author of this Trojan has included a parser module (a program that extracts information from documents and prepares it for indexing and searches). This module allows the hacker to carry out searches by domain or word in order to easily find the stolen information he is most interested in, explains Luis Corrons, Technical Director of PandaLabs.

Whats more, the module includes an option that allows patterns to be defined to filter the information. The server located by PandaLabs already contained filters, such as,, or This means that the hacker can rapidly access the stolen information related to these pages, such as user names, passwords, or bank details, adds Luis Corrons.

The Briz.X Trojan also allows cyber-criminals to gain remote access to the infected computers. Therefore, they can use them as a proxy computer to carry out illegal activities, such as transferring the stolen information or money. In this way, they ensure that their IP address does not appear anywhere, making it more difficult for the authorities to detect them.

The first variant of the Briz Trojan family detected by PandaLabs (Briz.A) was related to the creation and sale of made-to-measure Trojans, which was dismantled thanks to the efforts of Panda Software.

[ Virus Center main page ]


-- Edited by budnonymous at 06:46, 2007-05-26


Exposing the sleazery of ebaY and PayPal


Top Poster

Status: Offline
Posts: 3757
RE: The Briz.X Trojan has already stolen the confidential details of 14,000 users

Pirates Trojan keel-hauls surfers

Thar she blows

Published Friday 25th May 2007 20:39 GMT

Spam messages exploiting the publicity surrounding the release of the latest instalment of the Pirates of the Caribbean film franchise are being used to trick users into installing Trojan horse malware.

The junk mails feature a message that resembles promotional material for the film alongside links that supposedly point users towards trailers for Pirates of the Caribbean: At Worlds End. Prospective marks are also offered the chance to win free tickets.

Users attempting to download this trailer are, in reality, only offered the Pirabbean-A ( Yar-A) Trojan.

The malware attempts to switch victims' dial-up connections onto a premium-rate number.

The Pirabbean-A Trojan uses a number of social engineering tricks in a bid to avoid detection.

When the Trojan is run, it shows an error message, claiming that the clip failed to load because a user's PC lacks the necessary codecs. Fans are pointed towards the film's official site. The tactic is an attempt to stop users from suspecting that something amiss may have happened to their machines, making it less likely that users will run an anti-virus check. To make doubly sure, the Trojan also attempts to disable anti-virus software.

The Trojan edits some Internet Explorer settings as well, adding two URLs to a user's Favorites. These maliciously constructed sites are designed to seed other forms of dialler software onto the PCs of prospective marks.

The attack is far from the first time that hackers have used interest in Hollywood's produce to punt their wares. Previous malware strains have posed as clips from Harry Potter movies or targeted fans of such favourites as Kill Bill and Star Wars.


Exposing the sleazery of ebaY and PayPal


Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to

Create your own FREE Forum
Report Abuse
Powered by ActiveBoard