Gozi Might Get You (or maybe it already did?)

A new internet trojan called Gozi was detected earlier this year. It's news because this one was and remains particularly nasty. The trojan was originally designed using state-of-the-art techniqes to infect Windows PCs through Internet Explorer 6, gathering personal financial information from mostly home-based computers. According to security research reports, apparently none of the security companies knew of Gozi's existence for as long as 50 days after it was first deployed in the wild. The St. Petersburg, Russia server (to which data is still being sent evidently) was fully set up with a sophisticated database to organize the information, a graphical user interface for crooks to purchase the information, and some other functionality. Most of this stuff has reportedly been disabled now and the database no longer appears to be on the server. More information here and here. Identity theft is not fun.

Details of the Trojan and the stolen information were uncovered in January by Don Jackson, a security researcher at SecureWorks Inc., an Atlanta, GA based managed security service provider. Jackson noted that there are at least two more known variants of Gozi, meaning new attacks are likely. Maybe the Gozi authors are having some trouble cracking Internet Explorer 7? Let's hope the companies which develop and update our security software do a better job at finding out about and protecting us against the Gozi variants which are undoubtedly going to appear soon (if they haven't already).

Now for the good news (not really). Because the server was only 'disabled' as of March 12, check your bank statements for October, November and December 2006, and for January, February and March 2007. The same goes for credit card statements. You are checking this stuff every month anyway, aren't you? If you did get caught caught by Gozi, you probably should review the risk inherent in some of the web sites you've been visiting.