Build-to-order trojan horse service offers customized malware for $990

3:08 PM - February 24, 2006 by The Editors of Tom's Hardware



Glendale (CA) - Antivirus specialist Panda Software says it has discovered a "complex malware creation system" that allows individuals to purchase "made-to-measure" trojan horses for a flat fee of $990. The money buys not only the malware, but also a service that monitors the infection rate and provides code modifications if the trojan is detected by antivirus software.

It has been speculated for some time that virus authors are shifting from using malware for their own purposes to running a service-based business. For example, large spamming operations are believed to be in close contact with virus authors. Panda Software has now found further evidence of a trend toward a malware service business: the company traced pieces of information embedded in a currently spreading virus and found a network that offers customized trojan horses for purchase to individuals or organizations.

The trojan that led to the discovery is called Trj/Briz.A, which is tailored to extract bank details and web form data from infected computers. Patrick Hinojosa, chief technology officer at Panda Software, told TG Daily that Panda "has been working on this issue for a couple days" and initiated further investigations into the source of the malware after the company had found "suspicious information that led to other servers". Tracking down the source, Hinojosa said, Panda arrived at ordering information for trojan horses, as well as details on where the malware is housed and what features the software could deliver.

While Hinojosa does not believe that the organization offering the trojan horse service has released other malware so far, he mentioned that Trj/Briz.A is not a proof of concept. "This code is written heavily towards the goal of data theft and aims at extracting personal financial information," he said. "We believe someone may have bought this trojan horse."

According to the promises made by the trojan horse authors, the customer apparently has little to worry about, at least for now. The $990 that apparently was paid for Trj/Briz.A also covers having the code modified as soon as it is identified by antivirus software.

The infection with Trj/Briz.A is caused by executing the file "iexplore.exe." When it is run, it downloads different files and stops and deactivates Windows Security Center services and Shared Internet Access. It also collects information on programs like Outlook, Eudora and The Bat, which it sends to the attacker, Panda said. To hide its presence and protect the infection, the malware also modifies the hosts file to prevent access to websites related to antivirus products.
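
The hosts-file tampering described above is something a defender can check for directly. The following is an added example, not code from Panda Software or from the original article; the watchlist suffixes and the sample hosts file are constructed placeholders, since the article names no specific blocked sites.

```python
import ipaddress

# Assumed watchlist: placeholder suffixes standing in for security-vendor
# sites and update hosts (the article does not list the blocked sites).
WATCHED_SUFFIXES = ("av-vendor.example", "updates.security.example")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1   localhost
::1         localhost
127.0.0.1   www.av-vendor.example download.av-vendor.example  # added
0.0.0.0     live.updates.security.example
10.0.0.5    intranet.corp.example
192.0.2.10  www.av-vendor.example
127.0.0.1   av-vendor.example.other.example
not-an-ip   www.av-vendor.example
"""

def classify(addr):
    """Return 'sinkhole', 'override', or None if addr is not a valid IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # malformed entries are ignored by the resolver too
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "override"

def on_watchlist(host):
    """Match the suffix on a label boundary so look-alike names do not hit."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_pinned_security_hosts(hosts_text):
    """Return (line_no, address, hostname, kind) for every watched name
    that the hosts file pins to an address, bypassing DNS."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        kind = classify(fields[0])
        if kind is None:
            continue
        findings += [(line_no, fields[0], h, kind)
                     for h in fields[1:] if on_watchlist(h)]
    return findings

if __name__ == "__main__":
    for line_no, addr, host, kind in find_pinned_security_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr} ({kind})")
```

On a Windows system the file to read is `%SystemRoot%\System32\drivers\etc\hosts`. Any hit is worth investigating, because legitimate software rarely pins a security vendor's hostname there.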

Hinojosa told us that Panda has identified the server from which the trojan horse is operating and is working with "international agencies" to investigate the matter. He mentioned that he was not at liberty to publicly reveal the location of the detected server, which is believed to be a front-end server of a more complex network.

At the time of this writing, it was unclear what damage Trj/Briz.A has caused so far.

Source : Tom's Hardware US
