Trojan.Silentbanker targeting banks

By Dennis Fisher, Executive Editor 15 Jan 2008 | SearchFinancialSecurity.com

Digg This!     StumbleUpon     Del.icio.us

A couple of weeks ago I wrote a story about some of the more sophisticated Trojans out there right now, including Storm and Nugache. I mentioned a few Trojans that specifically target online banking customers, and now there comes word in this blog post from Symantec about a new banking Trojan:

The ability of this Trojan to perform man-in-the-middle attacks on valid transactions is what is most worrying. The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker's account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker's details instead. Since the user doesn't notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Unfortunately, we were unable to reproduce exactly such a transaction in the lab. However, through analysis of the Trojan's code it can be seen that this feature is available to the attackers.

How about that for a barrel of laughs? Symantec's analysis shows that the Trojan, which has yet to be assigned a catchy name, also can steal passwords for email accounts, FTP sites and other applications. Not to mention its ability to execute the more common type of man-in-the-middle attack, sending users to a server controlled by the attacker instead of the user's intended destination.

The thing that worries me about these Trojans, aside from the obvious, is that what we're seeing is only a small percentage of what's out there. For every one of these that we see a detailed analysis of, there's no telling how many others are quietly infecting machines across the Net.

Tags: Emerging security threats and attacks,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging security threats and attacks Customers risk online banking fraud by reusing bank credentials Phone call fraud made easy Credit union warns of phoney banking Android app Heartland to pay $3.6 million to American Express for breach NACHA offers tips for financial institutions to combat ACH fraud Year in review: Banking Trojans Gartner's Avivah Litan on the online banking fraud surge UK police arrest two in connection with Zeus Trojan Fraudulent emails pretend to be from NACHA Four hackers indicted in RBS WorldPay breach

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary