Several Web sites selling made-to-order Trojan horses to hackers have been shut down, the two cooperating security companies who led the investigation said Wednesday.
U.S.-based RSA Security and Spain's Panda Software collaborated in the effort to identify, locate, and shutter five sites. Three were marketing à la carte Trojans for launching targeted identity theft attacks against users of specific financial institutions, while two were sites where the buyers could monitor the infections the malware caused.
Once installed on users' PCs, the Trojans would return data to the hackers, including systems' IP addresses and bank or brokerage passwords.
"The collaboration between RSA Security and Panda Software has been key to rapidly dismantling these dangerous Web sites for creating and selling targeted malware," said Luis Corrons, director of PandaLabs, in a statement.
Panda kicked off the investigation after it discovered a new Trojan, dubbed "Briz.a." Clues in Briz.a's code led Corrons' team to the scam; Panda then brought in RSA, which runs an around-the-clock anti-fraud center acquired during its December 2005 purchase of New York City-based Cyota. RSA contacted the ISPs hosting the sites to tell them that they were harboring illegal services.
"It is critical to have industry collaboration and knowledge sharing such as Panda and RSA demonstrated in this complex case," said Chris Young, senior vice president of RSA Cyota, in an accompanying statement.