Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Smart malware steals from SSL streams  (Read 1752 times)

tickmike

  • Kitizen
  • ****
  • Posts: 3071
  • Yes Another Penguin !. :)
    • Free Download from.
Smart malware steals from SSL streams
« on: May 31, 2007, 11:17:08 PM »

Is nothing safe?  :no:

A new variant of the Russian Gozi Trojan has been discovered that is capable of stealing data during secure socket layer (SSL) transactions.

The Trojan is one of the most sophisticated yet found and has a variety of features designed to make it difficult to locate. When it detects an SSL transaction it activates and begins key-logging the infected computer to steal account details.

In addition the Trojan makes itself difficult to detect by constantly changing its coding so that signature-based systems will not detect it.

It also has its own compression software and will compress and extract portions of its code to further disguise itself.

"It is bad enough that this new version of Gozi can encrypt and rotate its program code to bypass conventional signature detection," said Geoff Sweeney, chief technical officer at security analysis software company Tier-3.

"But the fact that it can switch a key-logging function on and off when the infected PC reaches an e-banking web page makes it almost undetectable using conventional IT security technology.

"My understanding of this new version is that behavioural analysis technology is the only way of preventing an infected PC user's e-banking data from being logged and compromised."

The Trojan was discovered by Don Jackson, a researcher at SecureWorks in the US, who found that even with a malware signature, not all antivirus packages could detect the Trojan, although a few identified it as a suspicious file.

Jackson back-traced the IP address of the server to which it was sending the information and found that the details of over 5,200 home PC users, with 10,000 account records, had been compromised.

Account and log-in information for applications offered by over 300 organisations had been stolen through these infected home PCs.

"The information contained everything from bank, retail and payment services account numbers, as well as social security numbers and other personal information," said Jackson.

"The records retrieved included account numbers and passwords from clients of many of the top global banks and financial services companies (over 30 banks and credit unions were represented), the top US retailers, and the leading online retailers.

"The stolen data also contained numerous user accounts and passwords for employees working for federal, state and local government agencies, as well national and local law enforcement agencies."
Logged
I RECOMMEND TRYING / USING PCLinuxOS (www.pclinuxos.com) .
I have a set of 8 fixed IP's From my Eclipse isp.
BT ADSL2 line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >Smoothwall (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30238
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Smart malware steals from SSL streams
« Reply #1 on: May 31, 2007, 11:21:55 PM »

Thats pretty scary stuff - particulary since it seems that not all AV packages etc can pick it up. 

Also pretty worrying is the amount and type of data that seems to have been compromised :(
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

mr_chris

  • Kitizen
  • ****
  • Posts: 3776
Re: Smart malware steals from SSL streams
« Reply #2 on: May 31, 2007, 11:46:29 PM »

Ouch :( That's one of the most worrying trojans I've heard about in a while.
Logged
Chris

tickmike

  • Kitizen
  • ****
  • Posts: 3071
  • Yes Another Penguin !. :)
    • Free Download from.
Re: Smart malware steals from SSL streams
« Reply #3 on: June 01, 2007, 12:32:12 AM »

Very Very scary, :'(  I tend to do all my on-line banking on a XP pro running Microsoft free Virtual Machine 2007 software, running DSL (damn small Linux ) Distro as the 'guest'.
I open up DSL and run FireFox web browser and then do my banking, but reading about this new trojan if I got infected Not even my set-up would protect me because its looking at the ip stream.
Logged
I RECOMMEND TRYING / USING PCLinuxOS (www.pclinuxos.com) .
I have a set of 8 fixed IP's From my Eclipse isp.
BT ADSL2 line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >Smoothwall (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet