Banking Malware: Sophistication Rises In Longtime Botnet Families


7. Gozi

Gozi is a rival to Zeus and was detected in 2007, about the same time as the Zeus malware family. It continues to thrive despite the arrests of some Gozi attackers last year. The malware spreads through spam campaigns that redirect victims to attack websites. Gozi has been associated with attacks that steal File Transfer Protocol (FTP) credentials. It can also steal credentials from email clients, which enables it to spread quickly. By default, the malware targets websites that belong to large international banks and popular online payment services, Dell SecureWorks said. It then identifies web pages that victims frequent to conduct business, infects those pages and sets them up to infect the systems of their visitors.