
Re: None

Saturday, 02/25/2006 8:07:59 PM

Post# of 249238
Malware moves up, goes commercial
2/25/2006 12:21:57 PM, by Peter Pollack

http://arstechnica.com/news.ars/post/20060225-6264.html

Let's face facts. We knew this was coming for years, we just didn't want to admit it to ourselves. Virus programmers—the real kind, not the script kiddies—are far too competent at what they do to have remained noncommercialized forever. No longer merely an ugly toy for troublemakers, the 21st century virus is poised to climb the economic ladder and establish itself as a commercial tool of choice for identity thieves and financial fraudsters.

Engineers at Panda Software, while in the process of researching a new trojan, uncovered evidence this week that led them to a web site touting custom-built viruses for sale. For the low, low price of only US$990, a user gets his or her own pet trojan horse, complete with tech support. If the file is discovered—as this current model was—the designer provides a guarantee to alter it so that it may continue to avoid detection in the face of updated antivirus software.

The trojan goes by the moniker Trj/Briz.A, and scans the user's hard drive for information that could be used for financial and identity data. It then sends that information to an attacker working behind the scenes. Additional features include the ability to gather IP addresses and in some cases, the physical location of infected computers. It can also modify the machine to prevent access to web sites devoted to antivirus products.

The file that causes the Trj/Briz.A infection is called "iexplore.exe". It uses this name to pass itself off as Internet Explorer. When it is run, it downloads different files and stops and deactivates Windows Security Center services and Shared Internet Access. It also collects information on programs like Outlook, Eudora and The Bat, which it sends to the attacker.

It seems notable that the trojan attacks The Bat, an application which touts itself as a "Virus-proof Email System ... to make your e-communication safe and easy." The Bat is not exactly the most common e-mail program around, and history has shown that viruses which target Outlook alone are certainly damaging enough. Perhaps the creator of Trj/Briz.A, although making a bold move into the world of commercial criminal software, still bears enough hacker pride to bother going after a more uncommon application just because it is touted as "virus-proof."

An investigation has begun into those behind Trj/Briz.A. PandaLabs has joined forces with unspecified "other companies" and "international agencies" to track down the creators, starting with the server to which Trj/Briz.A sends its information. It is believed that the server is a front for a much larger network, and that more malware may be on the way.

While [Panda Chief Technology Officer Patrick Hinojosa] does not believe that the organization offering the trojan horse service has released other malware so far, he mentioned that Trj/Briz.A is not a proof of concept. "This code is written heavily towards the goal of data theft and aims at extracting personal financial information," he said. "We believe someone may have bought this trojan horse."

Viruses that wrest user data from infected computers have been around for decades, and malicious programmers have done customized work for hire before, but Trj/Briz.A's combination of detection avoidance coupled with brash commerciality put it in a class by itself. As more schemes like this start to show up—and they undoubtedly will—it will only encourage the push for better user authentication and trusted computing.

Still, a price of only US$990 is something of a bargain, given the support system and customized nature of the software. With some high-end boxed applications running US$500 to US$2,000 or more, the programmer of Trj/Briz.A may want to look into hiring an agent. For all the financial gain the software brings to the purchaser, it seems ironic that the virus designer might be the one getting taken to the cleaners.
