Russian malware authors are finding new ways to steal and profit from data that used to be considered safe from thieves because it was encrypted using SSL/TLS.
A single attack by a single variant compromises more than 5,200 hosts and 10,000 user accounts on hundreds of sites.
- Steals SSL data using advanced Winsock2 functionality
- State-of-the-art, modularized trojan code
- Spread through IE browser exploits
- Undetected for weeks or months by many AV vendors
- Customized server/database code to collect sensitive data
- Customer interface for on-line purchases of stolen data
- Accounts compromised by stealing data primarily from infected home PCs
- Accounts at top financial, retail, health care, and government services affected
- Data’s black market value at least $2 million
There are two other known variants. New variants and similar attacks are inevitable.
Read more here: Gozi Trojan