Gozi Trojan Description
There’s a variant of the Zeus Trojan that has targeted banks and credit unions in the United States in October of 2012. This malware infection, known as the Gozi Trojan, has managed to steal sensitive data belonging to customers of important credit unions all around the United States. The Gozi Trojan attacks the targeted financial institutions’ websites by inserting fields into the website in order to trick visitors into handing over their private information. The Gozi Trojan has affected at least thirty banks in the United States, often using fraudulent signatures in order to infiltrate secure networks. ESG security researchers have also observed the involvement of more than one hundred botnets in an effort to steal money using information stolen with the Gozi Trojan and transfer that money to offshore accounts. The criminals responsible for the Gozi Trojan and for these fraudulent wire transfers appear to be based in the Russian Federation, which is an outstanding country for harboring many criminals associated with high profile computer crimes.
The Trojan Zeus, also called Zbot, is among the most notorious banking Trojans of all time. ESG security researchers have observed malware attacks associated with this threat happening on several countries. One of the factors that have influenced the spread of variants of this dangerous banking Trojan is that its code was released a few years ago, available to criminals on underground file sharing networks and websites. In the past, crafting a banking Trojan as sophisticated as the Zeus Trojan required expert computer knowledge and large amounts of time and money, but with the release of this malware code, it has allowed relatively low profile criminals to use this dangerous banking Trojan as a starting point for their own malware attacks. In fact, many computer users are calling attacks with this level of sophistication the ‘new normal’ due to the fact that banking Trojans like the Gozi Trojan use components of the Zeus Trojan to carry out sophisticated file stealing maneuvers.
Most Gozi Trojan attacks initiate with a social engineering approach. Like most Trojan infection, the Gozi Trojan requires the victims themselves to download and install this threat. Because of this, the Gozi Trojan is typically spread through spam email messages or bundled with other files, disguised as a harmless video codec or player download.
How Can You Detect Gozi Trojan?