Still around, still being used: Gozi!

Hi malware fighters,

With all the vulnerabilities, the untackled problems, we could well establish one fact: “the Internet is broken, and who is there to fix it?” In the old days in mines, when you came down an unused shaft, you had a canary to warn you against the looming danger of mine gas and other suffocating doom.

The sheer volume of serious security events doesn’t blow your mind, it numbs it. And then comes something like Gozi.

Gozi is a bot that steals sensitive data off PCs. It can install itself without user intervention; all you do is visit a website (more coverage coming soon). It’s a significant bot, but not because it’s some technical marvel; it ranks in the middle on the malware sophistication index. What makes Gozi significant is that despite the fact that it has mostly disappeared from public consciousness after one fickle online news cycle, it still severely threatens the public. Despite the fact that banks have barely acknowledged it, their customers are the primary targets. Despite the fact that online banking uses SSL, Gozi gets around it. Multi-factor authentication? Some variants are working out ways to defeat it. Despite the fact that researchers and law enforcement know precisely how Gozi works, it still works. It has not been contained. As this is being written, personal data culled with Gozi variants is being peddled on the black market, and despite an ongoing investigation, no one is stopping it. Few are even talking about it. They are numb to it.

Don Jackson, the researcher who discovered Gozi, is not numb, he’s alarmed. He wants to talk about Gozi and its implications. He works for a company that provides security services. He says, “I have a very pessimistic outlook on the question of what are we going to do. I think it’s inevitable. Mass identity theft, or anything you do online…there will be a run on that information. Gozi uses reasonably simple exploits. If someone knows what they’re after and can target their attack”—which is precisely what someone is trying to do with another worm Jackson’s researching—“there’s really no defense against it at all.”

There it was. No defense at all. A strand that entwined itself with all of the other strands of reporting that had been piling up over the past six months. No hope. Not a hell of a lot they can do. No choice. The current situation cannot go on. It’s not going to get better. They wove and they wound until the thread thickened into this solid idea: The Internet is broken.

And it can’t be fixed. How long before the toxic environment collapses like the veins of an old mine shaft? How long will consumers tolerate the unstable, ungovernable place it’s becoming? At what point do the risks that they’ve borne to date in order to explore the mine become too dangerous to dare? Where are the big thinkers, the big idea for a public works project that will rebuild the mine shaft into something useful, or seal it up for good and start over? Who are the visionaries that can devise a stable, secure public network?

The canary has stopped singing. What do you see coming next?

For removal of the Gozi trojan, go here:
http://www.2-spyware.com/remove-charge-trojan.html

polonus