Article

Symantec researchers warn of banking Trojan

SearchSecurity.com Staff

A sophisticated online banking Trojan that first surfaced two years ago has hit banks in Denmark, Symantec researchers said.

    Requires Free Membership to View

SearchFinancialSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

While the malware has been detected in the U.S., it hasn't attacked specific banks here, said Kevin Haley, director of product management for Symantec Security Response.

The Trojan, called Bankpatch, first surfaced in 2007 and its authors continue to distribute it and update plug-in modules that are designed to target specific banks and steal online banking credentials, Eric Chien, a researcher at Symantec, wrote in a Symantec blog post Friday. The malware has attacked several Danish banks, he said.

Bank Trojans:
Gartner advises banks to shore up online channels: A bank-targeted Trojan could lead to copycats and should spur security improvements, analysts say.

Study of banking malware analyzes underground economy: Researchers uncover thousands of stolen online banking credentials, email passwords and credit card data.

Phishing, malware to strain banks in 2009: Fraud remained an ongoing problem for financial institutions in 2008 as criminals continued to devise ways to compromise online bank account credentials and steal money.

Users can be infected with Bankpatch by visiting a website that exploits vulnerabilities in Internet Explorer and third-party browser plugs, researchers said.

When executed, the Trojan injects code into Windows system files and patches key routines to hide itself and trigger other actions that allow it to track when Internet Explorer is used. It downloads additional plug-ins known collectively as Infostealer.Nadebanker, which are browser helper objects customized to target certain online baking systems and intercept online banking traffic to change what the user sees, Chien wrote in an update Tuesday.

"This allows Nadebanker to potentially transfer money from these accounts unnoticed," he said.

Haley said it appears that if the attackers know enough about how a bank performs online transactions, they can customize an attack specific to that bank and download it to infected machines as a plug-in. Symantec scans for both the Trojan and Nadebanker, and offers a removal tool.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: