Trojan Briz.X steals data of 500 people a day

30th May 2007

Specialists of PandaLabs are warning about the spread of Trojan Briz.X. The Trojan has already stolen confidential data of more than 14,000 users and the number of its victims is increasing by 500 people a day.
Briz.X can steal all types of information: confidential bank data, passwords to online services, correspondence by instant messages systems, personal information, etc. in comparison with other Trojans of Briz family, this copy contains a module that allows the criminal to perform a quicker search for the stolen data. The stolen information Briz.X sends to the internet-server, where all confidential data are stored, stolen by malicious code. All information is divided into text files, each of about 3 gigabytes.
In view of the huge amounts of stolen information, the author of this Trojan included to it a parser module (the program that derives information from the documents and prepares it to the following indexing and search). Such module allows a hacker to search by domain or a certain word, in order to find easily among the stolen, the information in that he is interested most.
Moreover, the module contains an option that allows the creation of templates for information filtering, such as paypal.com, ebay.de, or yahoo.com. This means that a hacker can quickly find stolen information relating to these pages, and thus gain access to user names, passwords and bank data.
Trojan Briz.X also allows cyber-criminals to get remote access to infected computers. Thus, these computers can be used as proxy-servers for performing the illegal actions, such as the transference of the stolen information or remittance of stolen money to other accounts.
Therefore, criminals can be sure that their IP-address appears nowhere, and it would be practically impossible to track them.