Banks, telecos, hotels, airlines and international betting services were among those affected by the creation and sale of Briz Trojans, a malware-creation-for-hire scam recently uncovered by security researchers.

Analysis of the data stolen by one of the customised Trojans on sale to cybercrooks through the computer underground by Spanish anti-virus firm Panda Software includes financial data that could damage affected companies. Panda is contacting affected firms to make sure they protect themselves and their clients.

The information stolen by the Trojan was stored in 2,033 files occupying 70.6MB. Of these, 62MB were text files, equivalent to 62,000 printed pages. The files were organised into folders corresponding to the nationality of each victim.

“We were surprised by the quantity of data that a single one of these Trojans was able to steal... We don't know how many were generated or sold before the system was dismantled, and so the number of companies whose data is now in jeopardy could be very high,” said Luis Corrons, director of PandaLabs, Panda Software's malware research arm.

"The sale of customised malware to cyber-crooks has now become a lucrative business model. This is not an isolated case and given the lure of financial gain motivating cyber-criminals, this type of scam is likely to proliferate in the short-term," he added. ®

Related stories

• Facebook hack service smells fishy (18 September 2009)
• Trojan phishing attack claims multiple victims (23 February 2007)
• Phishing Trojan plays ping-pong with captured data (8 August 2006)
• Spyware dominates malware production efforts (12 June 2006)
• Man fined measly $2K over anti-spyware scam (7 June 2006)
• Trojan uses smut to filch bank details (5 May 2006)
• 'Smart' phishing attack targets BoI (2 May 2006)
• Infosec Phishing goes international (26 April 2006)
• German Postbank uses e-signatures to curb phishing (7 April 2006)
• Spitzer blitzes adware (5 April 2006)
• Trojan intercepts bank tokens (24 March 2006)
• Malware potency increases as numbers drop (25 January 2006)
• Bot herder pleads guilty to 'zombie' sales (24 January 2006)
• Two-factor banking (19 October 2005)
• Dutch smash 100,000-strong zombie army (7 October 2005)
• Bot herder websites in internet take-down (13 September 2005)
• Comment Playing the phishing blame game (8 September 2005)
• Trojan phishing suspect hauled in (4 April 2005)
• Brazilian cops net 'phishing kingpin' (21 March 2005)