Scary trojan collecting “protected” login/password information

Here is a scary story about a new trojan that can infect PCs by exploiting IE flaws. The malware can then capture and send login credentials back to a “mothership.” Most notable is that SSL/TLS provides no protection since the data is captured before it is encrypted, and the fact that many antivirus products are slow at recognizing it.

Gozi Trojan

Russian malware authors are finding new ways to steal and profit from data which used to be considered safe from thieves because it was encrypted using SSL/TLS. Originally, this analysis intended to provide insight into the mechanisms used to steal that data, but it became an investigation into the growing trend of malware sold not as a product, but as a service. Eventually it lead to an alarming find and resulted in an active law enforcement investigation.

Update: I have been reading this important article more carefully and I have prepared a summary essay.

Technorati Tags: , , , , ,

2 thoughts on “Scary trojan collecting “protected” login/password information”

  1. Pingback: Andrew Patrick » One-time password security keys are here

Leave a Comment

Your email address will not be published. Required fields are marked *