In a joint effort between RSA Security Inc., a leading provider of online security and anti-fraud solutions, and Panda Software, the companies detected and assisted in the disabling of several websites related to a complex system for creating and selling? la carte Trojans that could be used for espionage and theft of confidential personal and financial data. As a result of Panda Software’s and RSA Security’s efforts the web pages that offer these Trojan services are now inaccessible to hackers trying to use the system.
RSA Security’s expertise and innovation in neutralizing fraud threats as they emerge – which it gained as part of its acquisition of Cyota in 2005 – enables businesses to proactively protect themselves from phishing, pharming and other types of emerging threats.
Panda Software’s TruPreventTM Technologies detected a new Trojan, called Trj/Briz.A, which was previously unknown to security companies. When the PandaLabs experts began an in-depth analysis on the code of this Trojan, they noticed certain peculiarities that led them to the scam which has now been dismantled. Given the seriousness and sophistication of the attack, Panda Software contacted RSA Cyota’s 24*7 Anti Fraud Command Center, which implemented its process to disable the web pages involved by contacting the ISPs hosting the site and identifying it as a source of these illicit Trojan services.
Due to this combined effort, three websites selling Trojans were shut down by the ISPs hosting them, as well as two others on which hackers could see information about infections caused by their malware.
According to Luis Corrons, director of PandaLabs: “The collaboration between RSA Security and Panda Software has been key to rapidly dismantling these dangerous websites for creating and selling targeted malware. Thanks to this it has been possible to make the necessary changes to make all sites involved inaccessible.”
“In the rapidly evolving world of online fraud, it is critical to have industry collaboration and knowledge sharing such as Panda Software and RSA Security demonstrated in this complex and sophisticated case,” stated Chris Young, senior vice president and general manager of RSA Cyota Consumer Solutions. “We are determined to keep our global financial institution customers one step ahead of the fraudsters; strategic partnerships and collaboration such as this expands our reach and enhances our ability to respond rapidly and decisively as new attacks emerge.”
The creator of this system offered hackers the chance to generate ? la carte Trojans that could be used to foil traditional security solutions and targeted attacks, i.e. attacks on specific users of specific financial institutions in the UK, Spain and more. In addition, buyers would receive a system for monitoring the status of the infections caused, providing them with a large quantity of data about the infected computers: IP addresses, passwords and even the physical location of the computers.
“This case highlights the need for proactive technologies that can detect malicious code without signature files. Had it not been for TruPreventTM Technologies, the system for creating Trojans that has now been dismantled could have been operating with impunity for a long time,” adds Corrons.