Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan Analysis Leads To Russian Data Hoard

Posted by kdawson on from the Gozi-dissected dept.

Stolen Identity writes "An attack by a single Trojan variant compromises thousands, circumvents SSL, and uploads the results to a Russian dropzone server. A unique blow-by-blow analysis reveals evidence of cooperation between groups of malware specialists acting as service providers and points to the future of malware's growing underground economy."

4 of 103 comments (clear)

  1. Speads!=Affects by Anonymous Coward · · Score: 3, Informative

    You need IE to install the trojan, once it is running it will compromise all SSL traffic.

  2. Re:What About Firefox Users? by Aladrin · · Score: 4, Informative

    You stopped reading too early. Later in TFA, it shows a screencap of the website that has badly translated text that basically says 'Snatch 2 - will work on firefox'. In other works, you're not affected... yet.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  3. Re:IP traceback by Klaus_1250 · · Score: 4, Informative

    I doubt they will use a single IP for long, in fact, I would say that if they are pro's, they'll only use it for several hours. There are quite a few organizations tracing and logging such IP's and some of the better security software blocks them. The longer you use a single IP, the less effective they'll be and the higher the risks.

    --
    It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
  4. Re:What About Firefox Users? by Cyberax · · Score: 4, Informative

    No, IE uses a layer called WinInet to access the Internet (http://msdn2.microsoft.com/en-us/library/aa385483 .aspx). It automatically provides SSL/TLS connectivity to IE.

    FireFox uses basic sockets and encrypts data using standalone SSL library.