Researchers at IBM have discovered a new piece of malware that has stolen $4 million from more than 24 American and Canadian banks in just a few days.
Numerous credit unions and popular e-commerce platforms were also said to have been targeted.
IBM said that the hackers combined code from two malware types, known as Nymaim and Gozi, to create the unholy hybrid dubbed GozNym—a franken-trojan, if you will.
“Cyber criminals have specialties just like their white-hat counterparts. By taking bits of code from different pieces of malware, they are able to create their malicious payload quicker than writing everything from scratch,” said Travis Smith, senior security research engineer at Tripwire, via email. “This will reduce their time to exploit and increase potential profits from criminal activity.”
The Trojan is both persistent and powerful. IBM said that from the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers.
“The end result is a new banking Trojan in the wild,” IBM said in the analysis. “Internally, GozNym works like a double-headed beast, where the two codes rely on one another to carry out the malware’s internal operations.”
Read more: Franken-Trojan Steals $4M from North American Banks