BreachExchange mailing list archives
Botnet-controlled Trojan robbing online bank customers
From: Rodney Wise <rwise () seostrich com>
Date: Fri, 14 Dec 2007 07:48:54 -0500
NetworkWorld.com > Security > Botnet-controlled Trojan robbing online bank customers Security firm says malware targeting commercial customers believed to have come from Russia By Ellen Messmer, Network World, 12/13/07 A new variant on the "Prg Banking Trojan" malware discovered in June is stealing funds from commercial accounts in the United States, United Kingdom, Spain and Italy with a botnet called Zbot, says Atlanta-based SecureWorks. "It's been very successful since we've first seen this at the end of November," says Don Jackson, senior security researcher at SecureWorks, which believes the Prg Trojan variant is designed by the Russian hackers group known as Russian UpLevel working with some German affiliates. ________________________________________________________________________ Read the latest WhitePaper - A Good Mobile Experience: Balancing IT Requirements While Giving End-Users the Mobile Experience They Want ________________________________________________________________________ "The Trojan has the ability to use a man-in-the-middle attack, a kind of shoulder-surfing when someone logs into a bank account. It can inject a request for a Social Security number or other information, and it's very dynamic. It’s targeted for each specific bank." SecureWorks says about a dozen banks -- which it wouldn't identify because it says the U.S. Secret Service is investigating the incidents -- have had their commercial customers affected by the Trojan-based money fraud operation. According to SecureWorks, the bank Trojan malware can be distributed using iFrame exploits on Web sites or through very targeted attacks against bank customers via phishing. Oftentimes, the phishing e-mail attempts to lure the victim into clicking on a site to offer software disguised as a real certificate, security code or soft token, the company says, adding that it has uncovered caches of stolen data in its research. If the attacker succeeds in getting the Trojan malware onto the victim's computer, he can piggyback on a session of online banking without even having to use the victim's name and password. The infected computer communicates back to the Trojan's command-and-controller exactly which bank the victim has an account with. It then automatically feeds code that tells the Trojan how to mimic actual online transactions with a particular bank to do wire transfers or bill payments SecureWorks says the Trojan performs keystrokes that imitate the victim's keystrokes to avoid any online fraud-monitoring. Although the Secret Service is investigating the Trojan's impact on banks and their customers, Jackson says Russian law authorities are lax in reining in online criminal groups widely believed to be operating from Russia, including Russian UpLevel and the Russian Business Network. Rodney Wise Rodney Wise South East Ostrich Supply http://www.seostrich.com (803) 741-5636 _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Botnet-controlled Trojan robbing online bank customers Rodney Wise (Dec 14)