Panda Detects Complex For-Profit Malware Scam

What makes the malware—Trj/Briz.A Trojan—unique is that the author of the code can check it daily and change it to elude antivirus detection, said U.S. Panda Software CTO Patrick Hinojosa. PandaLabs is part of Bilbao, Spain-based security vendor Panda Software.

PandaLabs is working with law enforcement agencies to uncover who is behind the malware, which can be bought for $990. This isn’t the first time malware has been sold this way, Hinojosa said, but this one differs in its elaborate detection avoidance.

“Whoever created this is doing it on a customer basis; it’s the difference between the old virus writers that are trying to get notoriety and the criminal activity that has to show a return on investment and run a business of some type off of it,” Hinojosa said.

The code collects information about passwords and activity on the infected computer. The file containing the malicious code hides under the name “iexplore.exe” to pass itself off as Internet Explorer. When it runs, it downloads different files, deactivates Windows Security Center services and collects information on programs such as Outlook, Eudora and The Bat, which it then sends to the attacker. Delivery methods vary depending on the buyer, Hinojosa said.
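The two behaviours described above, a file posing as “iexplore.exe” and a deactivated Security Center, can be checked together from the defender's side. The following is an added example, not code from Panda or the original article: it flags any process named iexplore.exe running outside Internet Explorer's default install directories and raises the severity when the Security Center service is also stopped. The snapshot format, field names and sample records are constructed for illustration.

```python
import ntpath

# Default install locations of the genuine binary (assumption: standard Windows layout).
EXPECTED_DIRS = {
    r"c:\program files\internet explorer",
    r"c:\program files (x86)\internet explorer",
}
WATCHED_NAME = "iexplore.exe"

def classify(proc):
    """Return 'ok', 'masquerade', 'unknown', or None if the process is not iexplore.exe."""
    name = (proc.get("name") or "").lower()
    path = proc.get("path")
    if not path:
        # Name matches but the image path could not be read: cannot confirm either way.
        return "unknown" if name == WATCHED_NAME else None
    # normpath collapses '..' segments and unifies slashes before comparison.
    norm = ntpath.normpath(path).lower()
    if ntpath.basename(norm) != WATCHED_NAME and name != WATCHED_NAME:
        return None
    return "ok" if ntpath.dirname(norm) in EXPECTED_DIRS else "masquerade"

def triage(snapshots):
    """Return (host, pid, verdict, severity) for every suspicious iexplore.exe."""
    findings = []
    for snap in snapshots:
        for proc in snap["processes"]:
            verdict = classify(proc)
            if verdict in (None, "ok"):
                continue
            # Look-alike binary plus a stopped Security Center matches both behaviours.
            stopped = not snap["wscsvc_running"]
            severity = "high" if verdict == "masquerade" and stopped else "review"
            findings.append((snap["host"], proc["pid"], verdict, severity))
    return findings

# Constructed sample inventory (hypothetical hosts, PIDs and paths).
SAMPLE = [
    {"host": "ws-01", "wscsvc_running": True, "processes": [
        {"pid": 2104, "name": "iexplore.exe",
         "path": r"C:\Program Files\Internet Explorer\iexplore.exe"}]},
    {"host": "ws-02", "wscsvc_running": False, "processes": [
        {"pid": 3312, "name": "IEXPLORE.EXE", "path": r"C:\WINDOWS\system32\iexplore.exe"},
        {"pid": 880, "name": "explorer.exe", "path": r"C:\WINDOWS\explorer.exe"}]},
    {"host": "ws-03", "wscsvc_running": True, "processes": [
        {"pid": 412, "name": "iexplore.exe", "path": None}]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A name-and-path check only catches this one disguise; a renamed copy placed inside the genuine directory would need signature or hash verification as well.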

Kurtis Kreh, vice president of sales at iSmart Connect, an Irvine, Calif.-based security solution provider, said this type of for-profit banking cybercrime will become more prevalent because of the increasing popularity of online banking. ISmart Connect specializes in strong authentication solutions for the financial industry.

“There are billions of people banking online, and it’s always continuing to grow,” Kreh said. “Something’s got to change. This type of attack is good news because it will force the financial industry to do something about strong authentication today.”