Symantec researchers warn of banking Trojan

By SearchSecurity.com Staff 04 Feb 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

A sophisticated online banking Trojan that first surfaced two years ago has hit banks in Denmark, Symantec researchers said.

SearchFinancialSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

While the malware has been detected in the U.S., it hasn't attacked specific banks here, said Kevin Haley, director of product management for Symantec Security Response.

The Trojan, called Bankpatch, first surfaced in 2007 and its authors continue to distribute it and update plug-in modules that are designed to target specific banks and steal online banking credentials, Eric Chien, a researcher at Symantec, wrote in a Symantec blog post Friday. The malware has attacked several Danish banks, he said.

Bank Trojans: Gartner advises banks to shore up online channels: A bank-targeted Trojan could lead to copycats and should spur security improvements, analysts say. Study of banking malware analyzes underground economy: Researchers uncover thousands of stolen online banking credentials, email passwords and credit card data. Phishing, malware to strain banks in 2009: Fraud remained an ongoing problem for financial institutions in 2008 as criminals continued to devise ways to compromise online bank account credentials and steal money.

Users can be infected with Bankpatch by visiting a website that exploits vulnerabilities in Internet Explorer and third-party browser plugs, researchers said.

When executed, the Trojan injects code into Windows system files and patches key routines to hide itself and trigger other actions that allow it to track when Internet Explorer is used. It downloads additional plug-ins known collectively as Infostealer.Nadebanker, which are browser helper objects customized to target certain online baking systems and intercept online banking traffic to change what the user sees, Chien wrote in an update Tuesday.

"This allows Nadebanker to potentially transfer money from these accounts unnoticed," he said.

Haley said it appears that if the attackers know enough about how a bank performs online transactions, they can customize an attack specific to that bank and download it to infected machines as a plug-in. Symantec scans for both the Trojan and Nadebanker, and offers a removal tool.

Tags: Emerging security threats and attacks,  Spam, phishing and social engineering attacks,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging security threats and attacks Gartner's Avivah Litan on the online banking fraud surge UK police arrest two in connection with Zeus Trojan Fraudulent emails pretend to be from NACHA Four hackers indicted in RBS WorldPay breach ACH fraud scams total $100 million, FBI says FDIC warns of rise in "money mule" schemes FDIC warns of bogus emails Bank Trojan used against German accounts evades antifraud systems Wyoming bank sues Google after bank employee email mishap California man sentenced in online brokerage scam Spam, phishing and social engineering attacks Research reveals success rate of phishing attacks Notorious spammer sentenced in stock fraud scam Judge rejects TD Ameritrade breach settlement FDIC warns of bogus emails Two Romanians suspected in phishing scheme extradited to U.S. Social engineering tests should make sense, not headlines Zeus Trojan hitting banking customers hard Five considerations for choosing network access control products Proposed expansion of top-level domains generates security concerns Online scammers exploit bank brands and consumers' financial woes

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary