A new variant of the Russian Gozi Trojan has been discovered that is capable of stealing data during secure socket layer (SSL) transactions.

The Trojan is one of the most sophisticated yet found and has a variety of features designed to make it difficult to locate. When it detects an SSL transaction it activates and begins key-logging the infected computer to steal account details.

In addition the Trojan makes itself difficult to detect by constantly changing its coding so that signature-based systems will not detect it.

It also has its own compression software and will compress and extract portions of its code to further disguise itself.

"It is bad enough that this new version of Gozi can encrypt and rotate its program code to bypass conventional signature detection," said Geoff Sweeney, chief technical officer at security analysis software company Tier-3.

The link for this article located at Vnunet.com is no longer available.