VisualBreeze, or VisualBriz, is another piece of malware that is usually sold in malware developer forums, similar to the ones we mentioned in “Cybercrime for sale”.

I have recently discovered a server that hosted a new variant of this malware and contained 5.445 logs from infected machines, which take up 2.61 Gigabytes.

After checking the server where it was installed, I noticed that, unlike other variants of Briz, this one was provided with a Parser module that sends the information in the files to a MySQL database managed by phpMyAdmin. This way, it will be easier and faster to search the information obtained from the infected

This module has several



The “View” option shows the logs and allows searching by domain or by text:


The “Templates” option allows patterns to be created in order to filter the information:


The server came with these “Templates” already created:







Apart from the information it
steals, it allows infected machines to be accessed in order to use them as


Daily, around 478 new machines are

These are the statistics that the
module of proxies displays and that are continuously being updated:

This variant of Trj/Briz has been
detected by signature as Trj/Briz.X. But, before detecting it,
our TruPrevent Technologies detected and successfully blocked