[ISN] Security Researchers Terminate Sites Selling Trojans

From: InfoSec News (isn@private)
Date: Wed Mar 08 2006 - 22:34:01 PST


http://www.informationweek.com/news/showArticle.jhtml?articleID=181502074

By Gregg Keizer 
Mar 8, 2006 

Several Web sites selling made-to-order Trojan horses to hackers have
been shut down, the two cooperating security companies who led the
investigation said Wednesday.

U.S.-based RSA Security and Spain's Panda Software collaborated in the
effort to identify, locate, and shutter five sites. Three were
marketing la carte Trojans for launching targeted identity theft
attacks against users of specific financial institutions, while two
were sites where the buyers could monitor the infections the malware
caused.

Once installed on users' PCs, the Trojans would return data to the
hackers, including systems' IP addresses and bank or brokerage
passwords.

"The collaboration between RSA Security and Panda Software has been
key to rapidly dismantling these dangerous Web sites for creating and
selling targeted malware," said Luis Corrons, director of PandaLabs,
in a statement.

Panda kicked off the investigation after it discovered a new Trojan,
dubbed "Briz.a." Clues in Briz.a's code led Corrons' team to the scam;  
Panda then brought in RSA, which runs an around-the-clock anti-fraud
center acquired during its December 2005 purchase of New York
City-based Cyota. RSA contacted the ISPs hosting the sites to tell
them that they were harboring illegal services.

"It is critical to have industry collaboration and knowledge sharing
such as Panda and RSA demonstrated in this complex case," said Chris
Young, senior vice president of RSA Cyota, in an accompanying
statement.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Wed Mar 08 2006 - 22:52:15 PST