
New Gozi Banking-Theft Malware Variation Bundles Destructive MBR Rootkit Functions

Posted: April 20, 2013

A newer variant of the Gozi Trojan, a malware threat known for pilfering online banking data, has been found to infect a computer's Master Boot Record (MBR) through rootkit components.

Gozi is a mischievous Trojan known for its ability to steal confidential information, mostly banking account credentials. The recent discovery, made by security firm Trusteer, is a newer variant of the Gozi banking malware that infects the Master Boot Record of the compromised computer so that it can hide from detection and survive re-installations of the operating system.

Infecting the Master Boot Record has long been a technique of sophisticated rootkits. MBR rootkit infections such as TDSS and Alureon (part of the TDL4 family of malware) are highly effective against computers running Windows. Until now, however, such threats had not been used to seek out financial data through online banking attacks.

The Gozi Banking Trojan is a prime example of newly emerging threats now utilizing techniques once exclusive to MBR rootkits. Much of the functionality of MBR rootkits is now being merged with other sophisticated malware to serve up the perfect malware cocktail, designed to aid cybercrooks in their money-theft endeavors.

One particular trait of the newer Gozi Trojan variant, which now bundles destructive MBR rootkit functions, is that it targets Internet Explorer, injecting malicious code into the process as the application launches. Through this, Gozi is able to intercept internet traffic and perform Web injections inside Internet Explorer, much as older banking Trojans did.

The newer variant of Gozi is much like its predecessor except for the added MBR rootkit component. It is possible that the rootkit part is a hodgepodge of Gozi and a new rootkit obtained on the malware-author market.

The worst part of the newer Gozi Trojan, other than the fact that it targets online banking information, is the extreme measures that may be required to remove it completely from an infected system. In most instances, removing an MBR rootkit requires wiping the entire hard drive and starting over. Fortunately, there are special tools designed to remove rootkit-type infections, such as the newer variation of Gozi.
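Because an MBR-resident component survives OS re-installation, the practical defender's check is to compare the disk's first sector against a known-good baseline. The following is an added example, not code from the article or from Trusteer: it parses a raw 512-byte MBR, hashes the bootstrap code region, and reports deviations from a baseline hash; the sample sectors and the baseline are constructed here, and on a live system the 512 bytes would be read from the raw disk device (for example /dev/sda or \\.\PhysicalDrive0) with administrative rights.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_LEN = 440      # bootstrap code; the disk signature follows at 0x1B8
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE    # 0x55AA boot signature

def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte MBR into bootstrap hash, signature check and partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        parts.append({"bootable": entry[0] == 0x80, "type": entry[4],
                      "lba_start": lba_start, "sectors": sectors})
    return {"valid_signature": mbr[SIGNATURE_OFF:] == b"\x55\xaa",
            "bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest(),
            "partitions": parts}

def check_mbr(mbr: bytes, baseline_bootstrap_sha256: str) -> list:
    """Compare a captured MBR against a known-good baseline; an empty list means no findings."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return findings

def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed test fixture, not a real disk image: one bootable NTFS-type partition."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    table = entry + b"\x00" * 48
    return (bootstrap.ljust(BOOTSTRAP_LEN, b"\x00") + b"\x12\x34\x56\x78\x00\x00"
            + table + b"\x55\xaa")

# Constructed samples: a "clean" bootstrap stub recorded at install time as the baseline,
# and one whose first bytes differ, which is what a baseline comparison is meant to catch.
CLEAN = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
BASELINE = hashlib.sha256(CLEAN[:BOOTSTRAP_LEN]).hexdigest()
TAMPERED = build_sample_mbr(b"\xeb\x3c\x90")
```

The baseline hash should be recorded on a trusted image and stored off-host, since a rootkit that controls the disk driver can also serve back clean-looking sectors to tools running on the infected system.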
