[LINK] Analysing a data stealing trojan

Rick Welykochy rick at praxis.com.au
Fri Mar 23 20:12:28 AEDT 2007

Howard Lowndes wrote:

> This is a fascinating, but long, read detailing analysis into the Gozi 
> trojan, which is capable of intercepting SSL/TLS sessions between 
> Internet Explorer and the TCP/IP stack to trap key data used for on line 
> transactions.
> http://www.secureworks.com/research/threats/gozi/

Impressive. That article says the advanced Winsock32 lib was
used by the exploit. I recall that pleas were sent to Mickeysoft
to never enable raw sockets on Windows. Its security is too and
the OS too vulnerable. Now this. Impressive.

How did the exploit arrive? Via Internet Exploiter.

And yet Mickeysoft cannot be held liable for damages. Boggle.

Black market value of this little beauty: over $2 Million.


Rick Welykochy || Praxis Services

38 is the last Roman numeral when written lexicographically.
      -- http://www.stetson.edu/%7Eefriedma/numbers.html
