Trojan Analysis Leads To Russian Data Hoard
Stolen Identity writes "An attack by a single Trojan variant compromises thousands, circumvents SSL, and uploads the results to a Russian dropzone server. A unique blow-by-blow analysis reveals evidence of cooperation between groups of malware specialists acting as service providers and points to the future of malware's growing underground economy."
Can't you just do a traceroute on the IP that this info is being sent to? Seems this would be a nice way of figuring out where the info is going. Then blacklist it or possibly a range router side.
I guess the major flaw would be that I could write code and report it?
Don't you know it is now both immoral and criminal to think beyond the next quarterly report?
reading that article is like looking at the blueprint for a neutron bomb: beautiful, magnificent, and pure evil
the mind boggles at what these men (or women) of such high craft could achieve were they to devote their genius to good efforts rather than bad. as it is, in the business they are in, they will probably very rapidly come under the thumb of the russian mafia, if they aren't already. then their life will be on a short leash, that, if they attempt to tug, will land them with a swift reprimand from guys you don't want to know what a swift reprimand from is like
sad. these are no script kiddies here. these are smart blokes. and they are also doomed to a life under the thumb of men a thousand times more evil than their devilish and brilliant exploits ever could be
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
What frustrates me a bit about TFA is where they stopped. They identified what the malware is, does, where it comes from, etc. They seem to have left out the 'why' part of the equation. Who would buy the data, and for what purpose? Dig a little deeper here. What we are defending against becomes a lot clearer when the motives of the attacker are known. This exploit is sophisticated and mature. It appears to be a viable business. This is not the action of an individual bent on personal gain, rather a true-world example of organized crime. This is much more serious than we're being led to believe. This is what gives me pause: What kind of customer would pay for access to such a broad set of data?
I think non-technical Firefox users may have the same risk as OS X users by thinking they are already secure by default and not caring about some simple security methods.
So the sense of security is the security risk there.