Panda Detects Complex For-Profit Malware Scam

What makes the malware, Trj/Briz.A trojan, unique is that the author of the code checks it daily and changes it to elude antivirus detection, said United States Panda Software CTO Patrick Hinojosa.

PandaLabs is part of Bilbao Spain-based security vendor Panda Software.

PandaLabs is working with law enforcement agencies to find who's behind the malware, which can be bought for $990. This isn't the first time that malware has been sold this way, Hinojosa said, but it is different in how elaborate the detection-avoidance is.

"Whomever created this is doing it on a customer basis, it's the difference between the old virus writers that are trying to get notoriety and the criminal activity that has to show a return on investment and run a business of some type off of it," Hinojosa said.

The code collects information about passwords and activity on the infected computer.

Delivery methods vary depending on the buyer and how they want to deliver it, Hinojosa said. Kurtis Kreh, vice president of sales with Irvine, Calif. security solution provider iSmart Connect said this type of for-profit banking cyber crime will only grow because of the increasing popularity and convenience of online banking.

"There's billions of people banking online, and it's always continuing to grow," Kreh said. "Something's got to change. This type of attack is good news because it will force the financial industry to do something about strong authentication today."

iSmart Connect specializes in strong authentication solutions for the financial industry.