Hackers have recently released a new type of Trojan designed to steal bank account information from computer users.
The Briz-F Trojan is considered highly complex. It is “planted” on websites that distribute pornographic images or that exploit software vulnerabilities, to launch a sophisticated attack on vulnerable PC systems.
The main feature of the Briz-F attack is the “drive-by download,” which allows the Trojan to download malicious code onto the victim’s system through file sharing over peer-to-peer networks and the Internet.
The operation of the Briz-F Trojan is relatively complex. Many files from this Trojan installed on the infected system have the ability to self-destruct after completing their tasks, making it difficult to detect the attack. Some files can even disable security software.
Specifically, the file ieschedule.exe is responsible for sending information from the infected system, such as the username, IP address, and location, to a predetermined address belonging to the attacker. The malware also downloads other files, for example ieredir.exe, which can redirect access to any online service, especially online banking services, to a spoofed website. It can also collect information stored in Windows Protected Storage or in software such as Outlook, Eudora, and The Bat! and send it back to the attacker.
Panda Software believes that the emergence of this attack is a consequence of online scams and the proliferation of business practices that allow the modification of the Briz Trojan.
Luis Corrons, director of PandaLabs, asserts that the characteristics of the Briz Trojan indicate that the authors of online scams have decided to shift their focus to profit from refining Trojans, establishing a system for buying and selling, and creating malicious software.
Hoàng Dũng