Online Banking and the Next Generation of Trojans

A news report posted on September 29, 2009 on CNet News revealed what security experts referred to as the “next generation” of banking Trojan. The banking Trojan, dubbed URLZone, has features designed to thwart fraud detection systems that are triggered by unusual transactions.

The software is programmed to calculate on the fly how much money to steal from an account based on how much money is available. While the computer user goes about his or her business on the banking site, the Trojan looks at the available balance and figures out how much money to steal. The Trojan is given a minimum and a maximum range that is below the amount that triggers antifraud systems, and it is told to leave a certain percentage in the account.

After performing the calculation, the Trojan makes the transaction, communicating with the bank site through the browser without the computer user knowing. The Trojan hides the theft by erasing it from the report of account activity displayed to the computer user and shows a fake balance: what the amount would be if not for the theft. The victim will not notice something is wrong until a different, uncompromised computer is used to access the account, an ATM is used, or a transaction is denied because of insufficient funds.

Think you’re safe if you use a browser other than Internet Explorer? Think again. The Trojan exploits a hole in Firefox, Internet Explorer 6, IE7, IE8, and Opera. It can arrive via a number of avenues, including malicious JavaScript, an Adobe PDF, or a visit to an infected site. About 90,000 computers visited the sites housing the malware and 6,400 of them were infected: a 7.5 percent success rate. Of those whose computers installed the Trojan, a few hundred had money stolen from their bank accounts.

The good news, for now, is that the Trojan was designed to target customers of unnamed German banks. But this new level of sophistication will definitely be showing up again. This is the first reported Trojan that hijacks a victim’s browser session, steals the money while the victim is doing online banking, and then covers its tracks by modifying information displayed to the victim, all in real time. The Trojan also keeps a log of the victim’s bank account login credentials, takes screenshots, and snoops on the user’s other Web accounts, such as PayPal, Facebook, and Gmail.

What defense do you have? Keep your antivirus, operating system, browser and other software up to date, which means installing all security patches. Be careful about visiting unknown web sites, which are sometimes designed to infect visitors. Even legitimate sites might unknowingly host a nasty payload.


