PandaLabs has detected a new variant of the Briz Trojan, called Briz.X, which has already infected almost 14,000 users, stealing all types of information, such as bank and personal details, all types of passwords and even instant messaging conversations. According to PandaLabs, it is continuing to infect an average of 500 new computers per day.
Briz.X sends the information it steals to an Internet server, which PandaLabs has managed to access. This server stores all the confidential details this malware has stolen to date. This information is divided into text files occupying over 3 gigabytes.
Given the huge volume of data it is capable of stealing, the author of this Trojan has included a parser module (a program that extracts information from documents and prepares it for indexing and searches). “This module allows the hacker to carry out searches by domain or word in order to easily find the stolen information he is most interested in,” explains Luis Corrons, Technical Director of PandaLabs.
What’s more, the module includes an option that allows patterns to be defined to filter the information. The server located by PandaLabs already contained filters, such as paypal.com, ebay.de, or yahoo.com. “This means that the hacker can rapidly access the stolen information related to these pages, such as user names, passwords, or bank details,” adds Luis Corrons.
The Briz.X Trojan also allows cyber-criminals to gain remote access to the infected computers. They can therefore use these computers as proxies to carry out illegal activities, such as transferring the stolen information or money. In this way, they ensure that their IP address does not appear anywhere, making it more difficult for the authorities to detect them.
The first variant of the Briz Trojan family detected by PandaLabs (Briz.A) was related to the creation and sale of made-to-measure Trojans, which was dismantled thanks to the efforts of Panda Software.