Symantec researchers warn of banking Trojan

A sophisticated online banking Trojan that first surfaced two years ago has hit banks in Denmark, Symantec researchers said.

While the malware has been detected in the U.S., it hasn't attacked specific banks here, said Kevin Haley, director of product management for Symantec Security Response.

The Trojan, called Bankpatch, first surfaced in 2007 and its authors continue to distribute it and update plug-in modules that are designed to target specific banks and steal online banking credentials, Eric Chien, a researcher at Symantec, wrote in a Symantec blog post Friday. The malware has attacked several Danish banks, he said.

Users can be infected with Bankpatch by visiting a website that exploits vulnerabilities in Internet Explorer and third-party browser plug-ins, researchers said.

When executed, the Trojan injects code into Windows system files and patches key routines to hide itself and trigger other actions that allow it to track when Internet Explorer is used. It downloads additional plug-ins known collectively as Infostealer.Nadebanker, which are browser helper objects customized to target certain online banking systems and intercept online banking traffic to change what the user sees, Chien wrote in an update Tuesday.

"This allows Nadebanker to potentially transfer money from these accounts unnoticed," he said.

Haley said it appears that if the attackers know enough about how a bank performs online transactions, they can customize an attack specific to that bank and download it to infected machines as a plug-in. Symantec scans for both the Trojan and Nadebanker, and offers a removal tool.