Crimeware code sells trojans to hackers

Share this article:

Security experts have detected a new crimeware creation system that sells made-to-measure trojans to hackers for $990.

The code, dubbed Trj/Briz.A by PandaLabs, stands out because its author customizes the code for hackers. The malware specializes in stealing bank details and data from web forms.

According to PandaLabs, this trojan is "the most complex example of the business network based on malware."

Apart from the code, cyber-crooks that buy this crimeware also get a complex system for controlling the infection caused by the custom-built trojan. This allows the client to get a list containing a large quantity of data about the infected computers: IP addresses, passwords and even the physical location of the computers.

In this way, the cyber-crooks can always have their malicious activity under control.

The file that causes the Trj/Briz.A infection is called "iexplore.exe." It uses this name to pass itself off as Internet Explorer. When run, it downloads different files and deactivates Windows Security Center services and Shared Internet Access. It also collects information on programs like Outlook, Eudora and The Bat, which it sends to the attacker.

To make it difficult to detect and disinfect the trojan, it also modifies the hosts file to prevent access to websites related to antivirus products.

Luis Corrons, director of PandaLabs, said that whereas hackers used to create malicious code to simply have fun, they now have direct financial goals, designing their creations based on a criminal business model.

"As authors of internet threats have changed their objective, which is now financial gain, they have also changed the way they design their threats. Therefore, they try to ensure that their creations go unnoticed, to both users and security companies, for as long as possible."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.