New Banking Trojan Horses Gain Polish
Criminals today can hijack active online banking sessions, and new Trojan horses can fake the account balance to prevent victims from seeing that they're being defrauded.
By Robert Vamosi
November 24, 2009 — PC World —
Criminals today can hijack active online banking sessions, and new Trojan horses can fake the account balance to prevent victims from seeing that they're being defrauded.
Traditionally, such malware stole usernames and passwords for specific banks; but the criminal had to access the compromised account manually to withdraw funds. To stop those attacks, financial services developed authentication methods such as device ID, geolocation, and challenging questions.
Unfortunately, criminals facing those obstacles have gotten smarter, too. One Trojan horse, URLzone, is so advanced that security vendor Finjan sees it as a next-generation program.
Greater Sophistication
Banking attacks today are much stealthier and occur in real time. Unlike keyloggers, which merely record your keystrokes, URLzone lets crooks log in, supply the required authentication, and hijack the session by spoofing the bank pages. The assaults are known as man-in-the-middle attacks because the victim and the attacker access the account at the same time, and a victim may not even notice anything out of the ordinary with their account.
According to Finjan, a sophisticated URLzone process lets criminals preset the percentage to take from a victim's bank account; that way, the activity won't trip a financial institution's built-in fraud alerts. Last August, Finjan documented a URLzone-based theft of $17,500 per day over 22 days from several German bank account holders, many of whom had no idea it was happening.
But URLzone goes a step further than most bank botnets or Trojan horses, the RSA antifraud team says. Criminals using bank Trojan horses typically grab the money and transfer it from a victim's account to various "mules"--people who take a cut for themselves and transfer the rest of the money overseas, often in the form of goods shipped to foreign addresses.
URLzone also seems to detect when it is being watched: When the researchers at RSA tried to document how URLzone works, the malware transferred money to fake mules (often legitimate parties), thus thwarting the investigation.
Silentbanker and Zeus
Silentbanker, which appeared three years ago, was one of the first malware programs to employ a phishing site. When victims visited the crooks' fake banking site, Silentbanker installed malware on their PCs without triggering any alarm. Silentbanker also took screenshots of bank accounts, redirected users from legitimate sites, and altered HTML pages.
Zeus (also known as Prg Banking Trojan and Zbot) is a banking botnet that targets commercial banking accounts. According to security vendor SecureWorks, Zeus often focuses on a specific bank. It was one of the first banking Trojan horses to defeat authentication processes by waiting until after a victim had logged in to an account successfully. It then impersonates the bank and unobtrusively injects a request for a Social Security number or other personal information.
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
