PandaLabs Security Company has issued a warning about a cybercrime syndicate that is currently selling the source code for the Trojan Trj/Briz.A for $990 per copy.
PandaLabs states that Trj/Briz.A is an extremely dangerous type of Trojan because it has the ability to collect all data from online financial transactions as well as other information from websites. PandaLabs also confirms that Trj/Briz.A is a “masterpiece” crafted by some underground “business” that specializes in making money online.
From this source code, skilled hackers can develop numerous other dangerous Trojan variants capable of infiltrating any computer and stealthily sending back complete data to their owners, including IP addresses, usernames, passwords, etc. This sensitive data allows hackers to fully take over the infected computer remotely.
Files containing the Trj/Briz.A Trojan often have names like “iexplore.exe,” misleading users into believing that this is a legitimate file related to or used to activate the Internet Explorer browser. When this file is activated, it will immediately download a series of other malicious files to the computer and instantly disable the features of Windows Security Center and Shared Internet Access. After that, it will collect data from email clients such as Outlook, Eudora, The Bat, etc., to send back to the attacker. Additionally, it completely blocks access to commonly used security websites. Regular users are generally unable to remove it from their computers.
Luis Corrons, the president of PandaLabs, observes that the era of hackers creating malware for fun or to prove themselves is long gone. Malware like the Trojan Trj/Briz.A is now entirely produced on demand for the purpose of financial fraud. Once they have “recouped their investment” and made a profit, the owners of these malware types will sell them to other scam groups looking to use them for monetary gain, thus “reinvesting” in newer, more dangerous malware generations.
HOÀNG KIM ANH
