The Return of the Gozi Trojan

The Gozi Trojan is a piece of financial malware that was first seen in 2007. Since its creation it has infected more than a million computers all over the world and facilitated the theft of millions of dollars. Earlier in the year, the three people thought to have been behind the Trojan were arrested, which many thought would end the spread of Gozi. Unfortunately, it has recently resurfaced and it appears to have integrated into an MBR bootkit, making it more dangerous than ever.
The Gozi Trojan was built to steal money online and this is what it did, in vast amounts. Usually masquerading as a PDF file, the virus would use ‘web injects’ to alter the look of banking webpages in order to trick people into revealing sensitive information. One of the perpetrators actually rented out access of the latest versions of Gozi to other cyber criminals, as well as the source code so they could alter it to fit their crimes.
Although the original creators have now been captured, the Trojan is still making its presence known. New reports have found that Gozi can now infect a computers master boot record and even survive a complete reinstallation of an operating system. Although the version of the malware that was detected wasn’t new it has been built into a rootkit, making it even more difficult to remove.
Those worried about the Gozi Trojan can help to protect their computers from this malware by following some simple tips. Make sure you have trusted firewall and antimalware programs set up and keep them as up to date as possible. Also, don’t reveal any sensitive information unless you are sure the website is completely safe. If you have the misfortune of becoming infected with this current form of the malware, experts advise that the only way of removing it may be a hard drive format.
ITC Secure Networking offer complete managed network and security services that can help combat malware such as Gozi, if you are interested in finding out more call us on 020 7517 3900 or visit