A Russian Trojan program named Gozi spreads remotely via IE browser exploit. It is responsible for stealing user account and passwords from more than 5,200 hosts and over 10,000 user accounts.

• Steals SSL data using advanced Winsock2 functionality
• State-of-the-art, modularized trojan code
• Spread through IE browser exploits
• Undetected for weeks, months by many AV vendors
• Customized server/database code to collect sensitive data
• Customer interface for on-line purchases of stolen data
• Accounts compromised by stealing data primarily from infected home PCs
• Accounts at top financial, retail, health care, and government services affected
• Data’s black market value at least $2 million

All windows users should be running an updated Anti-Virus (I suggest NOD32) and avoid using Internet Explorer. Firefox and Opera are much more secure alternatives. It’s also important to keep Windows Updated.

[Gozi Trojan]

Tags: internet explorer, security, trojan, worm, vulnerability