Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor

URSNIF, the malware also known as Gozi that attempts to steal online banking credentials from victims' Windows PCs, is evolving to support extortionware. As one of the oldest banking trojans – dating back to the mid-2000s – the software nasty has a number of variants and has been given a few monikers, including URSNIF, Gozi, and …

  1. Mike 137 Silver badge

    Thanks Microsoft

    "Clicking on the document leads to the download and execution of the LDR4 payload, once the mark follows the given instructions to run macros within the file"

    Abuse of MS Office macros yet again. Don't let them run in untrusted documents (or, preferably, not at all). Everything downloaded is untrusted until it's been formally inspected for malicious content, and that doesn't just mean passed by "antivirus".

