Tweet
Internet Banking Systems Threatened by Trojan
Thanks to Froggy for the 'Heads Up' on this story
Internet Banking Authentication Systems Threatened By New Trojan
http://www.itbsecurity.com/pr/18392
London, England, January 30th 2008 – Tier-3, the behavioural analysis IT security specialist, says that a new Trojan, spotted in various forms by Symantec in recent weeks, now poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers...
"Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone," said Geoff Sweeney, CTO of Tier-3.
"This new Trojan, Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man- in-the-middle type attack during an e-banking session. This effectively counters the protection afforded users by the two-factor authentication technology," he added.
The good news, says Sweeney, is that provided users keep their IT security software up to date, the software should spot the Trojan as it attempts to infect the users' PC.
"The danger is that hackers will develop several variations on a theme with this and other Trojans, generating the Trojan equivalent of a series of zero-day attacks. At that point, the efficacy of conventional security software starts to wane," he explained.
Deadly Trojan targets 400 banks
Financial Standard
Imagine logging in to your bank account online, making a transaction, then finding out that you’ve just given your details – and funds – to a nameless hacker. Now imagine the Trojan targeting the users of 400 banks worldwide, including several institutions in Australia.
Introducing “Trojan.Silentbanker” – a banking Trojan horse that is able to circumvent two-factor authentication, intercept transactions, and silently alter users’ bank account details to the attacker’s account details instead.
Despite the Trojan being around for a while, global infrastructure company, Symantec, has flagged the program as a risk to net-banking security, primarily due to its comprehensive interception technique and that it boasts over 400 banks on its hit list.
“[The Trojan] employs a “man in the middle attack”, and what that means is that the bad guy is sitting between your computer and the bank,” said John McDonald, senior securities response manager at Symantec.
“Although that’s not new, it’s a worry because of what it can do, which is basically diverting users’ funds when they connect to their bank account to make transfers – and that it’s targeting 400 banks for a start.
“The attacker who’s sitting there at the middle is able to transfer those funds to an account of their choice, and there are a lot of different parts [such as window pop ups and advertisements] that have come together in quite a comprehensive package to pose a problem,” he said.
McDonald added that people might have targeted one or two banks in the past, but that 400 is a significant number, especially when the banking information and other data it uses is configurable to download updates to the program itself.
But McDonald confirms that the banks’ online security systems are on full alert, and that information of the Trojan is available to users worldwide.
“Run anti-virus software and keep it up to date, keep your machine patched, keep your operating system and application up to date with the latest updates, and run a firewall as well,” advises McDonald on protecting users from the Trojan.
Symantec: Trojan has 400 banks on its hitlist
Zero Day mobile edition
A Trojan dubbed Silentbanker targets more than 400 banks including the household names in the U.S. and other financial institutions abroad and hangs in the background to intercept transactions with two-factor authentication, according to researchers at Symantec.
In a day full of the usual Trojan attacks (they all sort of look alike after awhile) the sheer versatility of Trojan.Silentbanker is notable. Symantec researcher Liam OMurchu writes in a blog post:
Symantec notes that the Trojan adapts based on what it needs. It tries the easiest attack vector and then works up to the more difficult approaches. In other words, the Trojan.Silentbanker cribs whatever it needs–cookies, passwords, certificates, HTML–to get the goods.
While this Trojan is only targeting one bank in a “classic man-in-the-middle” attack it’s capable of taking any passwords for multiple services. Toss in the ability to download updates and collect referrals for redirecting you to sites and this pup is quite versatile.
NOTES:
Internet Banking Authentication Systems Threatened By New Trojan
http://www.itbsecurity.com/pr/18392
London, England, January 30th 2008 – Tier-3, the behavioural analysis IT security specialist, says that a new Trojan, spotted in various forms by Symantec in recent weeks, now poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers...
"Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone," said Geoff Sweeney, CTO of Tier-3.
"This new Trojan, Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man- in-the-middle type attack during an e-banking session. This effectively counters the protection afforded users by the two-factor authentication technology," he added.
The good news, says Sweeney, is that provided users keep their IT security software up to date, the software should spot the Trojan as it attempts to infect the users' PC.
"The danger is that hackers will develop several variations on a theme with this and other Trojans, generating the Trojan equivalent of a series of zero-day attacks. At that point, the efficacy of conventional security software starts to wane," he explained.
Deadly Trojan targets 400 banks
Financial Standard
Imagine logging in to your bank account online, making a transaction, then finding out that you’ve just given your details – and funds – to a nameless hacker. Now imagine the Trojan targeting the users of 400 banks worldwide, including several institutions in Australia.
Introducing “Trojan.Silentbanker” – a banking Trojan horse that is able to circumvent two-factor authentication, intercept transactions, and silently alter users’ bank account details to the attacker’s account details instead.
Despite the Trojan being around for a while, global infrastructure company, Symantec, has flagged the program as a risk to net-banking security, primarily due to its comprehensive interception technique and that it boasts over 400 banks on its hit list.
“[The Trojan] employs a “man in the middle attack”, and what that means is that the bad guy is sitting between your computer and the bank,” said John McDonald, senior securities response manager at Symantec.
“Although that’s not new, it’s a worry because of what it can do, which is basically diverting users’ funds when they connect to their bank account to make transfers – and that it’s targeting 400 banks for a start.
“The attacker who’s sitting there at the middle is able to transfer those funds to an account of their choice, and there are a lot of different parts [such as window pop ups and advertisements] that have come together in quite a comprehensive package to pose a problem,” he said.
McDonald added that people might have targeted one or two banks in the past, but that 400 is a significant number, especially when the banking information and other data it uses is configurable to download updates to the program itself.
But McDonald confirms that the banks’ online security systems are on full alert, and that information of the Trojan is available to users worldwide.
“Run anti-virus software and keep it up to date, keep your machine patched, keep your operating system and application up to date with the latest updates, and run a firewall as well,” advises McDonald on protecting users from the Trojan.
Symantec: Trojan has 400 banks on its hitlist
Zero Day mobile edition
A Trojan dubbed Silentbanker targets more than 400 banks including the household names in the U.S. and other financial institutions abroad and hangs in the background to intercept transactions with two-factor authentication, according to researchers at Symantec.
In a day full of the usual Trojan attacks (they all sort of look alike after awhile) the sheer versatility of Trojan.Silentbanker is notable. Symantec researcher Liam OMurchu writes in a blog post:
The ability of this Trojan to perform man-in-the-middle attacks on valid transactions is what is most worrying. The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker’s account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker’s details instead. Since the user doesn’t notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Unfortunately, we were unable to reproduce exactly such a transaction in the lab. However, through analysis of the Trojan’s code it can be seen that this feature is available to the attackers.
Silentbanker was reported by Symantec last month but deemed very low risk at the time. Now Symantec reckons Silentbanker may have more mojo.Symantec notes that the Trojan adapts based on what it needs. It tries the easiest attack vector and then works up to the more difficult approaches. In other words, the Trojan.Silentbanker cribs whatever it needs–cookies, passwords, certificates, HTML–to get the goods.
While this Trojan is only targeting one bank in a “classic man-in-the-middle” attack it’s capable of taking any passwords for multiple services. Toss in the ability to download updates and collect referrals for redirecting you to sites and this pup is quite versatile.
NOTES:
- The Trojan may be downloaded or delivered silently through Web exploits and then executed. It arrives as the following file: sk.exe
- Also Known As: Spy-Agent.cm
- Symantec Info Page
