back to article New strain of Gozi Trojan prowls the net

A new variant of the Gozi Trojan has been discovered, raising the specter of a comeback for the infamous malware, which excels at pilfering financial information even when it's protected using supposedly secure mechanisms. The new strain was first detected on Tuesday when Russian miscreants unleashed a small avalanche of …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Up

    Be thankful

    Well lets thank those ru55ians for helping the rest of us develop more robust document formats and advancing the field of virus protection.

    How lovely of them, and how happy it makes me, being always able to look forward to a fresh round of software updating. Another fine and happy day for us all.

    God / Alaa / Spaghetti-Monster bless their cotton socks.

  2. uncle sjohie
    Unhappy

    Here we go again

    Even PDF's aren't safe anymore, now what?

  3. Matt Dodds
    Unhappy

    Reader update through group policy

    Having to update Acrobat/Reader on Windows wouldn't be such a PITA if Adobe were to provide an MSI installation/upgrade package which you could roll out through Group Policy.

    I tried to create such a thing using Symantec Packager and it failed miserably.

    Oh well, only 20 desktops with 8.x here... oh, and where's the patch for 7.x?

  4. Anonymous Coward
    Anonymous Coward

    Any word on Foxit's reader

    I don't normally use the Adobe reader because it has become incredibly bloated, only when looking at proofs. Instead I use the Foxit reader, so I'm interested if that has the same problem - probably not.

    That is, of course, when I use Windows, which is about 5% of the time..

  5. Andy Worth

    @ Jesus Puncher

    Spaghetti Monster? Has someone been reading into Pastafarianism then?

  6. Anonymous Coward
    Gates Horns

    Viruses lol?

    It's all a conspiracy to get you to download Adobe malware! Don't bother updating - the jews are out to get us!

  7. Anonymous Coward
    Paris Hilton

    who's idea was this

    "The program uses Winsock2, advanced functionality that allows it to snoop on traffic even when it is protected in Secure Socket Layer sessions."

    Now with even more features and convenient to use API.Gozi the amazing banking information stealing worm Microsoft XPsp1 XPsp2 Vista.Adobe Acrobat reader required. Wheres their website I would like to buy it and give it to all my friends.

  8. Anonymous Coward
    Unhappy

    Bugger

    I upgraded from AR 7 to AR 8 and after a couple of weeks went back to 7 again. Version 8.x is really frustrating to use, with floating search boxes and multiple windows, while in 7 it's all self-contained. Looks like I'll have to put up with it :-( I tried Foxit but the fonts didn't look as clean, and since I spend half the day looking at pdfs, that mattered.

  9. Anonymous Coward
    Anonymous Coward

    @Chris

    ??? Acrobat Reader 8 is a vast improvement over Acrobat Reader 7 precisely because AR8 DOESN'T have a floating search box. In AR8, the search box is on the tool bar across the top. I've finally replaced Foxit on my home machine with Acrobat Reader 8, because it's user interface is so much better.

  10. Mike Chesmore

    Adobe 8 issues

    While Adobe has had a really bad reputation in the past, Adobe 8 is a vast improvement over previous versions. I am very pleased with it overall. I have rolled Adobe out to 6000 + users in the forms of 6, 7 and now 8. If you are having trouble loading Adobe 8, you need to download the Adobe 8 MSI creator, it is free and really easy to use. I have created hundreds of MSI's with all the major tools out there and this one is as good as any of the paid for ones. I saw a comment about deploying it via AD, you absolutely can use AD to deploy it. The largest complaint we had with it were that "it looks different". Well it is different, things change, software changes, sorry but we still can't use Windows 3.11 even though Vista looks different. Move on... I am still not a huge Adobe fan largely due to their past history but the new stuff seems much much better.

    Mike

  11. Dr. Vesselin Bontchev
    Boffin

    Clarifications

    uncle sjohie: PDF files have never been safe. They are written in the PostScript language. Lots of nasty things can be written in this language - even viruses. Also, they allow JavaScript contents. Finally, there is at least one virus infecting PDF files and spreading from them (albeit only if you have the full Acrobat - not just the Reader).

    Matt Dodds: The exploit is actually in Internet Explorer 7 on Windows XP machines - the Acrobat Reader is just the vector, which has the "nice" added capability of executing embedded URLs automatically. Version 7.x is not vulnerable and you don't need to update non-WinXP machines.

    Anonymous Coward: Foxit is "vulnerable" (in the sense that it can be used as an attack vector) too - the only difference is that there you'll have to be convinced to click on an URL in the PDF file, while with Acrobat the malware runs by just opening the PDF file. Other applications (Firefox, Skype, mIRC, Miranda and countless others) can similarly be attack vectors. The root of the problem is in IE7 on WinXP machines. Microsoft has yet to patch that. Once they do, the problem will disappear.

This topic is closed for new posts.