funsec mailing list archives
Re: New Trojan re-writes online bank statements to cover fraud
From: RandallM <randallm () fidmail com>
Date: Wed, 30 Sep 2009 15:05:08 -0500
On Wed, Sep 30, 2009 at 2:49 PM, Paul Ferguson <fergdawgster () gmail com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Sep 30, 2009 at 10:49 AM, RandallM <randallm () fidmail com> wrote:On Wed, Sep 30, 2009 at 8:33 AM, <funsec-request () linuxbox org> wrote:"New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim?s dwindling balance by rewriting online bank statements on the fly, according to a new report. The sophisticated hack uses a Trojan horse program installed on the victim?s machine that alters html coding before it?s displayed in the user?s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances." --clip-- More at http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/ It appears that this is something totally new... Juha-MattiCould this also turn in to a new form of "Redirect", that is, alter the incoming pages to set up to links?Actually, this is what is known as the "URLzone" or "Bebloh" Trojan... - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFKw7Zfq1pz9mNUZTMRAhNcAKCby429ibISb+Cra3+g6TD4sxjegQCeN26s RX1H5wusngkjKZSt+0knZB0= =e9f8 -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Paul, Yes, I understand that, but what I was referring to is its ability to "scan" and "change" on the fly the bank HTML links and info. Can't that then be used to change any desired URL incoming to "whatever" one wants it to be? -- been great, thanks a.k.a System _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: New Trojan re-writes online bank statements to cover fraud RandallM (Sep 30)
- Re: New Trojan re-writes online bank statements to cover fraud Paul Ferguson (Sep 30)
- Re: New Trojan re-writes online bank statements to cover fraud RandallM (Sep 30)
- Re: New Trojan re-writes online bank statements to cover fraud Paul Ferguson (Sep 30)