Please wait while the page is being loaded Skip this advertisement >
ARN

Botnet-controlled Trojan robbing online bank customers

Security firm says malware targeting commercial customers believed to have come from Russia
Ellen Messmer (Network World)  14 December, 2007 08:13:04
Have your say!
Add to Google

A new variant on the "Prg Banking Trojan" malware discovered in June is stealing funds from commercial accounts in the United States, United Kingdom, Spain and Italy with a botnet called Zbot, says Atlanta-based SecureWorks.

"It's been very successful since we've first seen this at the end of November," says Don Jackson, senior security researcher at SecureWorks, which believes the Prg Trojan variant is designed by the Russian hackers group known as Russian UpLevel working with some German affiliates.

"The Trojan has the ability to use a man-in-the-middle attack, a kind of shoulder-surfing when someone logs into a bank account. It can inject a request for a Social Security number or other information, and it's very dynamic. It's targeted for each specific bank."

SecureWorks says about a dozen banks -- which it wouldn't identify because it says the US Secret Service is investigating the incidents -- have had their commercial customers affected by the Trojan-based money fraud operation. According to SecureWorks, the bank Trojan malware can be distributed using iFrame exploits on Web sites or through very targeted attacks against bank customers via phishing. Oftentimes, the phishing e-mail attempts to lure the victim into clicking on a site to offer software disguised as a real certificate, security code or soft token, the company says, adding that it has uncovered caches of stolen data in its research.

If the attacker succeeds in getting the Trojan malware onto the victim's computer, he can piggyback on a session of online banking without even having to use the victim's name and password. The infected computer communicates back to the Trojan's command-and-controller exactly which bank the victim has an account with. It then automatically feeds code that tells the Trojan how to mimic actual online transactions with a particular bank to do wire transfers or bill payments

SecureWorks says the Trojan performs keystrokes that imitate the victim's keystrokes to avoid any online fraud-monitoring. Although the Secret Service is investigating the Trojan's impact on banks and their customers, Jackson says Russian law authorities are lax in reining in online criminal groups widely believed to be operating from Russia, including Russian UpLevel and the Russian Business Network.

Comments

Post new comment

Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Syndicate content
Careerone Job Search
Job seekers Get job alerts | Post your resume online | Interview tips | Ask Kate
Advertisers Click here to advertise your jobs to thousands of job seekers monthly.
 
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Community Comments
Most Commented
ARN Library


Read Material

Storage Security Best Practices

SNIA’s vendor-neutral guidance for organisations wishing to secure their storage systems and infrastructure.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.
Sponsored Links