Slashdot Mirror


Trojan Analysis Leads To Russian Data Hoard

Stolen Identity writes "An attack by a single Trojan variant compromises thousands, circumvents SSL, and uploads the results to a Russian dropzone server. A unique blow-by-blow analysis reveals evidence of cooperation between groups of malware specialists acting as service providers and points to the future of malware's growing underground economy."

3 of 103 comments

  1. Re:What About Firefox Users? by Aladrin · Score: 4, Informative

    You stopped reading too early. Later in TFA, it shows a screencap of the website that has badly translated text that basically says 'Snatch 2 - will work on firefox'. In other words, you're not affected... yet.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  2. Re:IP traceback by Klaus_1250 · Score: 4, Informative

    I doubt they will use a single IP for long; in fact, I would say that if they are pros, they'll only use it for several hours. There are quite a few organizations tracing and logging such IPs, and some of the better security software blocks them. The longer you use a single IP, the less effective they'll be and the higher the risks.

    --
    It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
  3. Re:What About Firefox Users? by Cyberax · Score: 4, Informative

    No, IE uses a layer called WinInet to access the Internet (http://msdn2.microsoft.com/en-us/library/aa385483.aspx). It automatically provides SSL/TLS connectivity to IE.

    Firefox uses basic sockets and encrypts data using a standalone SSL library.