Information Security News mailing list archives
New Malware Re-Writes Online Bank Statements to Cover Fraud
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 30 Sep 2009 03:22:04 -0500 (CDT)
http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/ By Kim Zetter Threat Level Wired.com September 30, 2009 New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim's dwindling balance by rewriting online bank statements on the fly, according to a new report. The sophisticated hack uses a Trojan horse program installed on the victim's machine that alters html coding before it's displayed in the user's browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances. The ruse buys the crooks time before a victim discovers the fraud, though won't work if a victim uses an uninfected machine to check his or her bank balance. The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan. "The Trojan is hooked into your browser and dynamically modifies the text in the html," Ben-Itzhak says. "It's a very sophisticated technique." [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.org
Current thread:
- New Malware Re-Writes Online Bank Statements to Cover Fraud InfoSec News (Sep 30)