Ryan Naraine published a fascinating blog post on Wednesday, "Russian (Gozi) Trojan powering massive ID-theft ring". It documents the surprising discovery by SecureWorks of a Russian Trojan that has been stealing significant amounts of identity data (5,200 homes with 10,000 records). The stolen data was being offered online for over $2 million. Worse, the anti-virus vendors didn't catch it for weeks and in some cases months.
Here is what the Trojan was capable of doing, according to Ryan: "
* Steals SSL data using advanced Winsock2 functionality
* Uses state-of-the-art, modularized trojan code
* Launches attacks through Internet Explorer browser exploits
* Uses customized server/database code to collect sensitive data
* Offers a customer interface for online purchases of stolen data
* Steals data primarily from infected home PCs
* Accounts at top financial, retail, health care, and government services affected
* The black market value of the stolen data is at least $2 million
"
While this attack was mostly against home users, I suspect many enterprises would also be vulnerable if they are mostly relying upon the anti-virus vendors.
Don't rely on a single layer of defense in your enterprise. Use multiple layers, including stronger authentication and transaction authentication, or you will be vulnerable to successful enterprise attacks.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
