Rixstep

Keystroke Logger Trojan Dodges Antivirus Defences

It's here, it's nasty, it's hungry for blood, and it's going to bite your head off.


A new variant of the Russian trojan Gozi is circulating on the web and this time it's armed with a keystroke logger. It can also scramble itself to remain undetected by antivirus software. It's BAD.

The new Gozi's been spreading since 17 April. It's so freaking smart it can steal data from encrypted SSL streams. It doesn't really need to do this as it's already logging your keystrokes - it does it because it feels like it.

Gozi was uncovered by SecureWorks - the Maynor MacBook exploit people - on 7 May. Researcher Don Jackson found a data cache covering several thousand victims, with bank and credit card account numbers and SSNs.

It's a wonder anyone even goes online anymore.

'If you were infected before mid-May, then it will act like a rootkit and hide itself on your PC and will make itself undetectable by most antivirus software', said Jackson, who suspects other Gozi data caches exist.

Gozi uses compression technology to expand itself into computer memory at runtime. Jackson's also heard from people who claim Gozi infected them when they weren't online.

Jackson and others at SecureWorks recommend disconnecting from the Internet completely.*


*The above applies naturally only if you're running Microsoft Windows. There is no reason for people running systems other than Windows to disconnect from the Internet or in any other way be worried about this tragic turn of events. Bad things like Gozi don't happen to any other computers. But you knew that, didn't you?
