Key-logging worm wriggles out of Russia

Discussion in 'malware problems & news' started by Capp, May 21, 2007.

Thread Status:
Not open for further replies.
  1. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States


    Full Article
     
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    that sounds wicked.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, I want this malware pls.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    You have to dig a little further to get more detailed information about its method of installation:

    http://www.secureworks.com/research/threats/gozi/?threat=gozi

    Pretty easy to block.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, it doesn't have any peculiarity.
    - Signature-based solutions have a hard time keeping up:
    - But it doesn't bring any new method of infection:
    * Classic drive-by download through browser vulnerability:
    * Classic social engineering targeted at users who click everything and/or don't whitelist browser-based active content (Java/JavaScript):
    - It appears to hook into Winsock (to intercept unencrypted data) as soon as the user goes to his/her bank:
    - Also, it has classic keystroke logging capability:
    Résumé: nothing to worry about.
     
    Last edited: May 21, 2007
  6. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I knew this was nothing to bring concern about to those in the know, but I wanted to post it just to make everyone aware of its presence.

    I'm cleaning someone's computer right now that got infected by a trojan that has since passed its prime, but he was on an unpatched, unprotected system and now I am spending some serious time getting it removed.
     
  7. devolutionist

    devolutionist Registered Member

    Joined:
    May 28, 2007
    Posts:
    1
    Should I be concerned that Gozi isn't in NOD32's virus list? If not, please explain... thanks!
     
  8. ASpace

    ASpace Guest

    Where did you read/hear that ...
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I would be. You might bring this up in their Forum.

    A more pertinent question should be, Can I depend on classical Signature/Heuristic-based solutions for Zero-day prevention?

    From the SecureWorks analysis I mentioned in my above post:

    Their analysis includes this:

    In the "Prevention" section, AV heuristics and other detection measures are described as "useful." And they conclude,

    Another company is SecureWave

    http://www.securewave.com/home.jsp
    http://www.securewave.com/endpoint_security.jsp

    While SecureWorks' Services and SecureWave's products are designed for commercial use, fortunately, this technology is available for Home Users in a variety of different products, as discussed in the Anti-malware software forum.


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Any links to their products for home users?
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I'm not aware that they make products for home users.

    For home users, I was referring to the White List (execution prevention) software discussed in the anti-malware software forum here, which will easily block the Gozi-type exploits.

    Sorry for the confusion.

    regards,

    -rich
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, got it.
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    The reason I quoted those two companies (and I read their White Papers regularly) is that SecureWorks has the only in-depth analysis (that I'm aware of) of Gozi.

    Most mainstream media articles do not go into detail of how exploits work. Now, they certainly don't have to quote all of the technical details, which no one but a programmer could understand, but at least give the pertinent information which would lead one towards a solution -- as in the bold emphasis I put in the quotes in my post above.

    Second, this type of White List technology was first implemented by vendors of Business and Educational security solutions. Faronics was one of the first companies to make Home versions of some of this technology. Now, thankfully, it is becoming more widespread with other vendors, and home users have quite a nice selection of solutions from which to choose.

    regards,

    -rich
     