zeroasterisk

A recent report
from Don Jackson at SecureWorks (dated March 20 2007) examines a new
Trojan and provides some alarming insights on Internet Identity Theft.
It is worth reviewing this case carefully to understand how
sophisticated modern identity theft schemes have become, and how
difficult it can be to investigate and prevent them.What makes this
Trojan interesting is that it:

• is installed automatically simply by visiting an infected web site
• is invisible to the user
• is often missed by anti-virus software
• is able to steal identity information even if it is encrypted using https
• efficiently collects large amounts of information and sends it to a “mother ship”
• provides an interface for fraudsters to easily purchase the stolen data
• is been used to collect thousands of login credentials at major banks and government agencies
• has not been shut down
• is only one of many such programs that are now offered as kits

source: http://www.andrewpatrick.ca/essays/modern-internet-identity-theft/

his source: http://www.secureworks.com/research/threats/gozi/?threat=gozi