[ISN] Security Researchers Terminate Sites Selling Trojans

InfoSec News isn at c4i.org
Thu Mar 9 01:34:01 EST 2006


By Gregg Keizer 
Mar 8, 2006 

Several Web sites selling made-to-order Trojan horses to hackers have
been shut down, the two cooperating security companies who led the
investigation said Wednesday.

U.S.-based RSA Security and Spain's Panda Software collaborated in the
effort to identify, locate, and shutter five sites. Three were
marketing la carte Trojans for launching targeted identity theft
attacks against users of specific financial institutions, while two
were sites where the buyers could monitor the infections the malware

Once installed on users' PCs, the Trojans would return data to the
hackers, including systems' IP addresses and bank or brokerage

"The collaboration between RSA Security and Panda Software has been
key to rapidly dismantling these dangerous Web sites for creating and
selling targeted malware," said Luis Corrons, director of PandaLabs,
in a statement.

Panda kicked off the investigation after it discovered a new Trojan,
dubbed "Briz.a." Clues in Briz.a's code led Corrons' team to the scam;  
Panda then brought in RSA, which runs an around-the-clock anti-fraud
center acquired during its December 2005 purchase of New York
City-based Cyota. RSA contacted the ISPs hosting the sites to tell
them that they were harboring illegal services.

"It is critical to have industry collaboration and knowledge sharing
such as Panda and RSA demonstrated in this complex case," said Chris
Young, senior vice president of RSA Cyota, in an accompanying

More information about the ISN mailing list