Trojan can grab extra personal banking data

A Trojan can add data entry fields to legitimate online banking sites and entice consumers to give up additional information.

A Trojan horse program now available to a growing number of fraudsters can add data entry fields to legitimate online banking sites and entice consumers to give up sensitive information such as bank card numbers and PINs (personal identification numbers).

The Limbo malware integrates itself into a Web browser using a technique called HTML (Hypertext Markup Language) injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions, a division of EMC. Because it's so closely integrated in the browser, it can operate even while the user is at the real bank site and can actually change the layout of that site, he said.

"If phishing were a stock, I would invest in it

"Nothing tells you that something is wrong here, with one exception: You're being asked to provide some information that you were never asked to do before," Rivner said during a briefing for reporters and analysts earlier this week. "If you are convinced that you are now communicating with the bank, the fraudsters can get away with anything they like."

Limbo can get onto a user's computer through many paths, including both pop-up messages that ask you to download an add-on program and methods that are invisible to the user, he said. They sometimes get on to PCs in conjunction with other phishing attacks.

And like other malware programs, Limbo is becoming available to more fraudsters through an underground market that includes a complex supply chain and falling prices, according to Rivner. Limbo costs about US$350, down from about $1,000 a year ago and $5,000 two years ago, he said.

"The big trend here is that it's becoming affordable," Rivner said.

The online fraud marketplace consists of "harvesters" who collect user information and "cashout" operations that use the information to do whatever has to be done to translate that information into money. For example, harvesters may capture credit-card numbers and cashout operations may use those cards to buy products online, have them delivered to an address, and sell them on the black market, he said. The two classes of fraudsters typically meet and do business with each other in IRC chatrooms and dedicated Web forums, where the most successful fraudsters are the ones who develop a reputation for working reliably and honestly with other participants, Rivner said.

Now, some fraudsters are taking a SaaS (software-as-a-service) approach, selling malware, access to botnets and everything else a person needs to become a harvester of data on unsuspecting consumers, according to Rivner. Having paid the price for this service, the harvesters can then take the identities stolen with it and sell them at a profit. The ease of going into business with this model may dramatically increase the volume of online fraud, he said.

"If phishing were a stock, I would invest in it," Rivner said.

At RSA, the encryption giant that became EMC's security business through a US$2.1 billion acquisition in 2006, the target for combatting online banking fraud is the cashing-out step. The company sells software that looks at every transaction a customer makes and assesses the level of risk, Rivner said. It may look at the IP (Internet Protocol) address from which the site is being accessed, as well as that user's typical pattern of transactions. If the risk level is high, the bank can block the transaction and contact the customer directly, he said.

This approach is increasingly being used by banks because of the difficulty of tracking down and eradicating malware and phishing, Rivner said. There may be numerous Trojans on a customer's computer, but the bank isn't hurt by any of them until a fraudster tries to use them to divert money from an account, he said.

Tags trojanonline bankingmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?