Trojan targets UK online bank accounts


Neaco

http://www.theregister.co.uk/2004/11/12/banker_trojan/

Virus writers have created a new Trojan horse capable of helping crooks to
break into the accounts of British internet banking customers.

The Banker-AJ Trojan targets users of UK online banks such as Abbey,
Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest. The malware records
passwords and keystrokes once users of infected machines visit targeted
websites. This data is then surreptitiously transmitted to crooks, allowing
fraudsters to later empty bank accounts.

"People are increasingly aware of the threat from phishing emails which
direct innocent users to fake banking websites in order to capture personal
details, but this Trojan is different - it waits until the user visits a
real banking website and then surreptitiously monitors the login process,"
said Graham Cluley, senior technology consultant at Sophos. "It's like
having a mugger looking over your shoulder as you type in your PIN number."

Sophos said that the techniques used by the Banker-AJ Trojan are a repeat of
tactics previously used by malware authors to gain access to Brazilian
online bank accounts.

The use of malicious code and phishing scams to extract confidential account
details from consumers has cost British banks more than £4.5m over the last
year, according to estimates from banking group APACS published last month.
APACS and UK police warn that the use of malicious code in such attacks is
beginning to eclipse conventional phishing attacks in its severity. ®
 
Matti Lamprhey

Neaco said:
http://www.theregister.co.uk/2004/11/12/banker_trojan/

Virus writers have created a new Trojan horse capable of helping
crooks to break into the accounts of British internet banking
customers.

The Banker-AJ Trojan targets users of UK online banks such as Abbey,
Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest. The malware
records passwords and keystrokes once users of infected machines visit
targeted websites. This data is then surreptitiously transmitted to
crooks, allowing fraudsters to later empty bank accounts. [...]
Don't the drop-down selectors avoid this problem?

Matti
 
Jim Ley

Neaco said:
http://www.theregister.co.uk/2004/11/12/banker_trojan/

Virus writers have created a new Trojan horse capable of helping
crooks to break into the accounts of British internet banking
customers.

The Banker-AJ Trojan targets users of UK online banks such as Abbey,
Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest. The malware
records passwords and keystrokes once users of infected machines visit
targeted websites. This data is then surreptitiously transmitted to
crooks, allowing fraudsters to later empty bank accounts. [...]
Don't the drop-down selectors avoid this problem?
No, they're just as trivial to catch with trojans - key-loggers are
unnecessary (loads of data to trawl through, don't know what matches
what, so they're much more sophisticated), all you want to do is hook
into the browser, and when it's on a log in page, capture the relevant
information.

It doesn't matter if you're capturing the result of drop downs or
keys pressed, what you're capturing is just events in the browser.
What everyone calls key-loggers are actually much more complicated
than that implies.

The drop downs offer no protection of keyboard input that I can see.
(And the Sydney Morning Herald once called me a security expert...)

Jim.
 
Daytona

I would have thought anyone with common sense that was using
anti-virus & anti-spyware tools and a firewall has very little chance
of being caught by a key-logger.

Daytona
 
Tumbleweed

Daytona said:
I would have thought anyone with common sense that was using
anti-virus & anti-spyware tools and a firewall has very little chance
of being caught by a key-logger.

Daytona
What about the other 99% of the internet population then?

And even with such tools, there seem to be enough holes in IE security to
make anyone realise that your machine could be compromised without you
knowing, however good the security. Like the recent jpeg issues.
 
GSV Three Minds in a Can

Daytona said:
I would have thought anyone with common sense that was using
anti-virus & anti-spyware tools and a firewall has very little chance
of being caught by a key-logger.
Depends on the firewall, really. Many are 'block incoming cr&p only' (eg
the WinXP one, and NAT in the hardware router/switch) and won't stop
stuff already on your PC from phoning home.

Spyware & Virus tools get updated every time someone gets hit .. usually
a few thousand are hit before the update goes out. In bad cases, several
10's of thousand. Updating your systems, and applying a modicum of
common sense (aka 'safe hex') works as well as anything .. I've had
several binaries recently that my virus checker said were just dandy ..
but I didn't run them anyway. 2 days later they were suddenly (from the
wastebasket) flagged as new virus variants.

Ergo - if your virus/trojan/spyware checker says it IS a virus, it
almost certainly IS. If your virus/trojan/spyware says it isn't, it
probably still IS, if it showed up out of the blue, and looks
executable.
 
Daytona

Tumbleweed said:
What about the other 99% of the internet population then?
When the banks stop taking pity on them (with other people's money),
they'll have lost their money. It's a stupidity tax.
And even with such tools, there seem to be enough holes in IE security
IE is rather akin to the free software promising to increase your
download speed if you download it. It's a stupidity tax.

Daytona
 
Daytona

GSV Three Minds in a Can said:
Depends on the firewall, really. Many are 'block incoming cr&p only' (eg
the WinXP one, and NAT in the hardware router/switch) and won't stop
stuff already on your PC from phoning home.
I think ZoneAlarm is the de facto standard and it handles outgoing
traffic as a matter of course.
Spyware & Virus tools get updated every time someone gets hit .. usually
a few thousand are hit before the update goes out. In bad cases, several
10's of thousand.
Which is where common sense comes into play.

Daytona
 
Jim Ley

I think ZoneAlarm is the de facto standard and it handles outgoing
traffic as a matter of course.
But the browser is going to be allowed out...

All you need to do is get an Add-in installed to IE, (or to another
browser, in Mozilla you could do a bank password snarfer purely in
script) the Add-in then acts wholly in the browser's security sandbox,
if ZoneAlarm has been told to let the browser through, then the
browser will go through, whatever site it's talking about.

Jim.
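
Since a per-application outbound rule cannot tell the browser from code loaded inside it, the useful check is on the add-ins themselves. The following is an added example, not part of the thread: a PowerShell audit that lists Internet Explorer Browser Helper Objects and the Authenticode status of the DLL each one loads. It assumes the standard HKLM registration locations and does not cover per-user COM registrations.

```powershell
# Added example: enumerate IE Browser Helper Objects (BHOs) and check the
# signature of the DLL behind each one. Run from an elevated PowerShell prompt.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

$results = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # 32-bit add-ins register their COM class under WOW6432Node as well.
    $classBase = if ($root -like '*WOW6432Node*') {
        'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    } else {
        'HKLM:\SOFTWARE\Classes\CLSID'
    }

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid  = $key.PSChildName
        $inproc = Join-Path (Join-Path $classBase $clsid) 'InprocServer32'
        $dll    = $null

        if (Test-Path -LiteralPath $inproc) {
            # The unnamed (default) value of InprocServer32 holds the DLL path.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
            }
        }

        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            Get-AuthenticodeSignature -FilePath $dll
        }

        [pscustomobject]@{
            CLSID  = $clsid
            Dll    = $dll
            Status = if ($sig) { $sig.Status } else { 'DllNotFound' }
            Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

# Unsigned or unresolved entries sort together for review.
$results | Sort-Object Status, Dll | Format-Table -AutoSize
```

Entries whose status is anything other than `Valid`, or whose DLL sits outside the expected vendor directories, are the ones to investigate first.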
 
