The Trojan is one of the most sophisticated yet found and has a variety of features designed to make it difficult to locate. When it detects an SSL transaction it activates and begins key-logging the infected computer to steal account details.
In addition the Trojan makes itself difficult to detect by constantly changing its coding so that signature-based systems will not detect it.
It also has its own compression software and will compress and extract portions of its code to further disguise itself.
"It is bad enough that this new version of Gozi can encrypt and rotate its program code to bypass conventional signature detection," said Geoff Sweeney, chief technical officer at security analysis software company Tier-3.
"But the fact that it can switch a key-logging function on and off when the infected PC reaches an e-banking web page makes it almost undetectable using conventional IT security technology.
http://uk.news.yahoo...am-6315470.html