Discovery of New 'Briz Trojan' Allows Attackers to Gain Remote Control of Computers to Carry Out Online Fraud
Posted on: Friday, 20 October 2006, 09:00 CDT
GLENDALE, Calif., Oct. 20 /PRNewswire/ -- PandaLabs has detected the appearance of the new Briz.R Trojan that allows an attacker to gain remote control of affected computers and redirect users to spoofed web pages designed to steal confidential data.
The origin of Briz.R is related to the scam of creating and selling customized versions of Briz detected and dismantled by PandaLabs a few months ago.
"After inspecting this new Trojan's code, we are almost certain this is the creation of the same author that designed the first Briz Trojan. It seems that, as the customized Trojans business could not go forward, the author has decided to use them directly to gain financial profit," said Luis Corrons, director of PandaLabs.
Briz.R can reach computers through web pages, downloads of suspicious programs and such. However, the author has not distributed it widely to avoid detection by security companies.
The Briz.R attack begins with the installation of a file called iexplore.exe, which serves to detect an internet connection. Once a connection is detected, it downloads another file called ieschedule.exe, which stores the configuration parameters of the Trojan, such as the port number through which it will send the information stolen.
Another downloaded component is the ieserver.exe, which creates a web server on the computer. The function of this web server is to redirect any user trying to access a certain web address, to spoofed web pages, designed to steal personal data. Many of the web pages being spoofed belong to online financial services. Any data entered into these spoofed web pages are then forwarded to cyber criminals. .
This web server also allows the attacker to gain remote control of the affected computer by installing an application programmed in PHP called phpRemoteView.
Briz.R also downloads a component called smss.exe, which modifies the system host file. These modifications prevent access to a large number of web pages related to IT security.
TruPrevent(TM) proactive protection technologies have detected and blocked Briz.R without identifying itself first, and therefore, without needing updates. For this reason, computers with these technologies installed have been protected from the moment this threat first appeared.
"There has been a marked increase in the number of malicious code like Briz.R, which are designed to go unnoticed by users and security companies alike, with the latter unable to generate vaccines as they are unaware of its existence. This problem needs to be resolved with technological solutions. Traditional anti viruses are no longer sufficient, and must be complemented with proactive technologies, able to detect the presence of malware with no need for updates," adds Luis Corrons, director of PandaLabs.
To help as many users as possible scan and disinfect their systems, Panda Software offers free, online anti-malware solution, Panda ActiveScan, which also detects spy ware, at http://www.activescan.com/.
Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.
For further information about these and other computer threats, visit http://www.pandasoftware.com/.
About Panda Software, USA
Panda Software (http://www.pandasoftware.com/) is a world-class developer and provider of integrated security solutions designed to neutralize viruses, hackers, Trojans, spyware, phishing, spam and other pervasive Internet threats. With Panda Software's revolutionary TruPrevent(TM) Technologies, the company's innovative products are on the leading-edge of intelligent security solutions, ensuring clients are protected even against new threats that have yet to be identified. PandaLabs, the most rapid response laboratory in the industry, delivers comprehensive updates to users, providing a worldwide response to malware 24 hours a day, 7 days a week, all year round.
Panda Software, USA
CONTACT: Sonia Awan, Director of Public Relations of Panda Software,USA, +1-818-543-6909, sawan@pandasecurity.com
Web site: http://www.pandasoftware.com/
Source: PRNewswire
Related Articles
- Panda Software's TrustLayer Mail Security Service Offers Money Back Guarantee on 100% Virus-Free Email
- Panda Software Offers Anti-Phishing Tips for 2007
- The Panda Software Virus Yearbook of 2006
- The New PandaLabs Blog, Created By Panda Software's IT Security Laboratory Is a Commented Forum Providing the Most Recent Virus Activity and Its Consequences
- Panda Software's Weekly Viruses and Intruders Report
- Viruses and Intruders This Week: A Report By Panda Software, USA
- Panda Software Issues Orange Alert for BarcPhish - a Phishing Attack Targeting Barclays Bank Clients
- Panda Software and RSA Security Help Dismantle a Network Swindling Pay-Per-Click Systems
- Panda Software Reports on Comprehensive Cybercrime Phishing Attack and Information Theft in a Single Trojan
- Two New Worms Strike Down Computer Systems, Opening Them for Possible Criminal Activity, Reports Panda Software
 |
 |
User Comments (0)
RSS Feeds