Banking Malware Cheats Users of UK Banks
Trusteer, a security firm, is warning users about "Silon", a piece of banking malware that specifically targets UK banks.
According to Mickey Boodaei, CEO of the firm, this particular malware acts as a 'man in the middle' attack, specifically targeting the login page, and so far only one of 41 anti-virus detections has been made, as reported by SCMagazine on March 17, 2010.
As explained by Trusteer, Silon is capable of targeting Web pages 'on the fly'. The malware collects logon details, including one-time passwords. It is tough for anti-virus software to spot because, as an .exe file, it appears different on every system.
When the prime targets are online banking users who are safeguarded by transaction authentication devices, Silon first waits until the user has logged on, and then injects dynamic HTML code into the login flow between the user and the bank's Web server.
First, Silon shows genuine-looking Web pages that appear to belong to the bank itself, requesting the user to use the transaction authentication device. Then it asks the user to enter details from the device into the Web page. Cyber-criminals then use this information to carry out fraudulent transactions on the user's behalf.
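A defender-side view of the injection described above, as an added example that is not from Trusteer or the original article: it compares the form fields and form targets in the page the bank served with those in the page the browser rendered, and reports anything added in between. The sample markup, field names and function names are constructed for illustration.

```javascript
// Added example: detect form controls that appear in the rendered page
// but were never served by the bank. All names and markup are constructed.

// Collect form-control names and form action URLs from an HTML string.
// A regex scan keeps the sketch self-contained; in a browser you would
// walk document.forms instead.
function extractFormSurface(html) {
  const fields = new Set();
  const actions = new Set();
  const tagRe = /<(input|select|textarea|form)\b([^>]*)>/gi;
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    attrRe.lastIndex = 0;
    while ((a = attrRe.exec(tag[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    if (tag[1].toLowerCase() === "form") {
      actions.add(attrs.action || "");
    } else if (attrs.name) {
      fields.add(attrs.name);
    }
  }
  return { fields, actions };
}

// Report fields and form targets present after rendering but absent
// from what the server sent: the signature of injected HTML.
function diffFormSurface(servedHtml, renderedHtml) {
  const served = extractFormSurface(servedHtml);
  const rendered = extractFormSurface(renderedHtml);
  const extraFields = [...rendered.fields].filter((f) => !served.fields.has(f)).sort();
  const extraActions = [...rendered.actions].filter((x) => !served.actions.has(x)).sort();
  const tampered = extraFields.length + extraActions.length > 0;
  return { extraFields, extraActions, tampered };
}

// Constructed sample: the served payment form, and the same page with an
// injected form asking for a code from the authentication device.
const SERVED = `<form action="/accounts/pay"><input name="payee"><input name="amount"></form>`;
const RENDERED = SERVED +
  `<form action="/accounts/verify"><input name="device_code" type="text"></form>`;

console.log(diffFormSurface(SERVED, RENDERED));
```

A check that runs inside an infected browser can itself be tampered with, so its result is one signal to correlate with server-side monitoring rather than a verdict on its own.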
Besides, Silon can also hijack a user's Internet Explorer session and steal his/her credentials. Such activity has been linked with various fraud incidents at big banks. According to Trusteer's analysis, Silon is running on one in every 350 UK computers.
The CEO commented that Silon is basically a sophisticated piece of malware that is invisible to anti-virus vendors. An ultimate piece of malware, it is distributed on a tremendous scale to big customers, avoiding all the rules that exist.
Boodaei also offered a solution, saying that by identifying the malware responsible for attacks, banks can very easily spot the gaps that exist in their defenses and develop effective strategies to prevent malware, as reported by ComputerWeekly.com on March 17, 2010.
He added that it is crucial for any organization to identify threats at regular intervals. It is a must to go through the process of understanding a threat before making any initial or additional investments in IT security.
» SPAMfighter News - 25-03-2010