A new variant of the Russian Trojan Gozi is circulating on the Web, this time armed with a keylogging function and the ability to scramble itself so it is difficult to detect by anti-virus software.The Trojan is believed to have been spreading since April 17. Like the original, which was discovered earlier in 2007, the new version of Gozi steals data from encrypted SSL (Secure Sockets Layer) streams.

The latest variant was uncovered May 7 by Don Jackson, a security researcher at SecureWorks in Atlanta. Jackson also found one data cache from the Gozi variant that contained 2,000 new victims and several thousand account records, including bank and credit card account numbers, Social Security numbers, and other personal information.

continued @ eweek.com