A nasty new Russian Trojan program named Gozi was discovered this week. It had gone undetected by security software companies for longer than a month.
Its data harvest, taken from 300 different companies, even included government organizations at the federal and state level. The haul of more than 10,000 records included about 2000 Social Security numbers, financial account numbers, user names and passwords.
In total, the stolen records belonged to just over 5000 really unlucky home PC users. An Atlanta-based security company, SecureWorks Inc., uncovered the original bug and its data. However, more data thefts are possible and expected, because more variants of Gozi are still circulating.
An analysis of the Trojan program showed that it was designed to steal data from encrypted Secure Sockets Layer (SSL) streams and send it to a server based in Russia. The Trojan took advantage of a vulnerability in the iFrame tags of Microsoft Corp.’s Internet Explorer. The buffer overflow flaw basically allows attackers to take complete control of a compromised system. In this case, the users compromised by the Gozi Trojan appear to have visited several hosted Web sites, community forums, social networking sites and sites belonging to small businesses. (Source: http://www2.csoonline.com/)
The stolen data was being sold and the digital currency accepted for payment was Webmoney. Each customer-generated query had a price and anyone ‘in the know’ could purchase the goodies using WMZ, which is the US Dollar currency version of Webmoney.
Prices varied. The report we read showed that three passwords for a small retailer came in at about 100 WMZ ($100 USD), but ten passwords from an international bank sold for 2,500 WMZ. It’s estimated that about $2 million worth of data had been collected and was ready for sale.
Webmoney, based in Russia, can be used online anonymously. That is not the intention of its operators, I’m sure; however, it can be done. It is a great digital currency and I’ve posted about it many times before. The most recent post was “Webmoney Reports Monster Popularity & Growth, Again”.