[LINK] Analysing a data stealing trojan
Rick Welykochy
rick at praxis.com.au
Fri Mar 23 20:12:28 AEDT 2007
Howard Lowndes wrote:
> This is a fascinating, but long, read detailing analysis into the Gozi
> trojan, which is capable of intercepting SSL/TSL sessions between
> Internet Explorer and the TCP/IP stack to trap key data used for on line
> transactions.
>
> http://www.secureworks.com/research/threats/gozi/
Impressive. That article says the advanced Winsock32 lib was
used by the exploit. I recall that pleas were sent to Mickeysoft
to never enable raw sockets on Windows. It's security is too and
the OS too vulnerable. Now this. Impressive.
How did the exploit arrive? VIa Internet Exploiter.
And yet Mickeysoft cannot be held liable for damages. Boggle.
Black market value of this little beauty: over $2 Million.
cheers
rickw
--
_________________________________
Rick Welykochy || Praxis Services
38 is the last Roman numeral when written lexicographically.
-- http://www.stetson.edu/%7Eefriedma/numbers.html
More information about the Link
mailing list