Feeds

Trojan uses smut to filch bank details

Custom malware

Internet Security Threat Report 2014

Hackers have developed a sophisticated Trojan-based attack which uses the lure of pornography to steal bank details from victims' PCs.

The Briz-F Trojan has been planted on pornographic websites and takes advantage of software vulnerabilities to launch a complex attack which culminates in the compromise of an infected Windows PC. Although drive-by downloads are the main vector of the Briz-F attack, it is also possible to encounter the Trojan through other means, such as email messages, files downloaded from the net, and P2P file sharing.

The modus operandi of Briz-F is elaborate. Many of the files the Trojan installs on the system self-destruct once they have carried out their purpose, making it difficult to know whether a user has been the victim of an attack. Some of these files disable security software.

Meanwhile, a file called ieschedule.exe sends information about an infected computer (name, IP address, location, etc) to an address established by an attacker. At the same time, the malware downloads other files, including one called ieredir.exe, which redirects users to spoof web pages when they try to connect to particular online services, mainly related to online banking. It also collects information from Windows Protected Storage and email programs Outlook, Eudora and The Bat, which it sends to the attacker.

The emergence of the attack is a "consequence of the scam for creating and selling customised versions of Briz", according to Spanish anti-virus firm Panda Software, which identified the assault.

Luis Corrons, director of PandaLabs, Panda's virus research division, said: "The characteristics of Briz-F would indicate that, either the creators of the scam have decided to profit from the modification of the original Trojan, or have managed to set up a new scam for creating and selling malicious code". ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.