‘Silon’ Malware Detects IE Login Sessions and Steals Credentials

According to a warning from security researchers at Trusteer (a company that protects customers doing business online), a new Trojan called Silon is able to intercept users' Web login activity inside Internet Explorer. When Silon detects a user's login session, it reads and encrypts the details and transmits them to a remote command-and-control server for the Trojan. This server also stores the stolen identification data of other victims.

If Silon attacks online banking customers engaged in financial transactions (where the transactions are protected with validation tools like banking card readers or tokens), W32.Silon waits until the user logs in and then injects a powerful HTML script into the process that connects the customer with the financial institution's server. At first, the Trojan produces genuine-looking web pages, which appear to belong to the bank's website, and directs the user to use the transaction validation tool. It then directs the user to type details into the pages, which cyber-criminals sooner or later exploit to carry out fraudulent transactions in the user's name.

The research has shown that W32.Silon forms only a small part of the total population of malicious programs, though Trusteer spotted it in honeypots situated in Europe and North America during late September 2009.

It is not clear how Silon is infecting systems. Security researchers, however, speculate that the infection could arrive via a spam outbreak or a contaminated USB drive.

Moreover, Trusteer, with the help of law enforcement, is making efforts to locate the command-and-control system. A company spokesperson declined to comment on the C&C server's location and said that researchers had not yet gained access to it, nor been able to determine Silon's success rate.
Finally, Trusteer's researchers said that the new Trojan demonstrated the progress malware authors had made in their ability to aggressively carry out a number of bank-oriented attacks using just one malicious program. They also expressed concern over Silon's level of sophistication, since it tried to get around tough validation devices such as PINs and card readers.

SPAMfighter News - 11/6/2009