Briz.I is a password stealer type Trojan that consists of several components that are consecutively downloaded from the Internet. Such components carry out the following actions:
- Stop and disable the services Windows Security Center and Internet Connection Sharing (Windows XP firewall).
- Obtain information from the computer, such as IP address, name, geographic area, etc.
- Prevent users and installed programs from accessing certain websites, which belong to several antivirus companies.
- Capture the data entered in websites containing forms accessed through Internet Explorer. This way, it obtains passwords for email accounts, banking entities and other online services.
- Harvest paswords and other data stored in Protected Storage, as well as the email clients Outlook, Eudora and The Bat.
- Use the affected computer as a gateway, in order to connect to third-parties' Telnet, SMTP, FTP and HTTP services anonimously.
- Execute commands and download files from the hard disk of the affected computer.
Briz.I does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.