New Trojan intercepts online banking information

Trojan.Silentbanker can intercept online banking transactions that normally are well guarded by two-factor authentication procedures

A new Trojan program is targeting unwitting users' bank data by intercepting account information before it is encrypted and sending it to a central attacker database.

The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures. During a banking transaction, Silentbanker will change the user's bank account details over to the attacker's account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker's account after entering their second authentication password.

Although the Trojan.Silentbanker is listed by Symantec as having a low level of distribution and being easy to remove from infected machines, Symantec security response team member Liam O'Murchu says it still poses a danger because of its ability to work without users detecting it.

"The scale and sophistication of this emerging banking Trojan is worrying, even for someone who sees banking Trojans on a daily basis," writes O'Murchu on Symantec's security response blog. "This Trojan downloads a configuration file that contains the domain names of over 400 banks. Not only are the usual large American banks targeted but banks in many other countries are also targeted, including France, Spain, Ireland, the UK, Finland, Turkey -- the list goes on."

The Trojan can be "downloaded or delivered silently through Web exploits," according to Symantec. Once it has been loaded to a machine, it can hook onto various APIs in both Internet Explorer and Firefox. As soon as the program is in place on a Web browser, it is free to cause all kinds of mischief, including redirecting legitimate banking requests to attacker-controlled computers; altering the HTML of pages shown to the user; and recording user names and passwords, as well as capturing screenshots of any Web pages the user visits.

Additionally, says O'Murchu, the Trojan can constantly update itself, as it relays URLs and HTML from banking Web sites to the attackers on a daily basis. "Using these submissions they can target banks for which they do not have bank accounts already," he says. "We are currently monitoring all of the updates to this Trojan."

Symantec recommends users take several steps to guard themselves against this Trojan, including disabling system restore before getting rid of the virus, to ensure the system doesn't inadvertently back up a copy of the Trojan software; making sure all virus definitions are updated on their antivirus software; running a full virus scan of their machines; and finally, deleting the value from their registry.

The Silentbanker Trojan is not the first Trojan aimed at attacking bank accounts. Late last year, for instance, security firm SecureWorks discovered a botnet-controlled Trojan called the "Prg Banking Trojan" that is believed to have affected customers from more than a dozen banks in the United States, the United Kingdom, Italy and Spain.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brad Reed

Network World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?