New Trojan intercepts online banking information

Trojan.Silentbanker can intercept online banking transactions that normally are well guarded by two-factor authentication procedures

A new Trojan program is targeting unwitting users' bank data by intercepting account information before it is encrypted and sending it to a central attacker database.

The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures. During a banking transaction, Silentbanker will change the user's bank account details over to the attacker's account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker's account after entering their second authentication password.

Although the Trojan.Silentbanker is listed by Symantec as having a low level of distribution and being easy to remove from infected machines, Symantec security response team member Liam O'Murchu says it still poses a danger because of its ability to work without users detecting it.

"The scale and sophistication of this emerging banking Trojan is worrying, even for someone who sees banking Trojans on a daily basis," writes O'Murchu on Symantec's security response blog. "This Trojan downloads a configuration file that contains the domain names of over 400 banks. Not only are the usual large American banks targeted but banks in many other countries are also targeted, including France, Spain, Ireland, the UK, Finland, Turkey -- the list goes on."

The Trojan can be "downloaded or delivered silently through Web exploits," according to Symantec. Once it has been loaded to a machine, it can hook onto various APIs in both Internet Explorer and Firefox. As soon as the program is in place on a Web browser, it is free to cause all kinds of mischief, including redirecting legitimate banking requests to attacker-controlled computers; altering the HTML of pages shown to the user; and recording user names and passwords, as well as capturing screenshots of any Web pages the user visits.

Additionally, says O'Murchu, the Trojan can constantly update itself, as it relays URLs and HTML from banking Web sites to the attackers on a daily basis. "Using these submissions they can target banks for which they do not have bank accounts already," he says. "We are currently monitoring all of the updates to this Trojan."

Symantec recommends users take several steps to guard themselves against this Trojan, including disabling system restore before getting rid of the virus, to ensure the system doesn't inadvertently back up a copy of the Trojan software; making sure all virus definitions are updated on their antivirus software; running a full virus scan of their machines; and finally, deleting the value from their registry.

The Silentbanker Trojan is not the first Trojan aimed at attacking bank accounts. Late last year, for instance, security firm SecureWorks discovered a botnet-controlled Trojan called the "Prg Banking Trojan" that is believed to have affected customers from more than a dozen banks in the United States, the United Kingdom, Italy and Spain.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brad Reed

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?