Norman Raises Warning Against SpyEye Banking Malware Flaw

One of the top security firms, Norman, have lately (March 08, 2011) declared that its security researchers have found a quickly emerging kind of SpyEye Trojan malware that attacks particular online banking applications, as reported by PR Newswire on March 08, 2011.

SpyEye is basically a malicious malware toolkit that has progressively become popular during the last few months and is quite same to the extensively utilized Zeus malware that has resulted in millions and millions of costly infections worldwide.

A business or an individual netizen might install the malware while unknowingly surfing or browsing various famous malware ridden websites. SpyEye waits for the netizen or any individual to access online banking account prior to its activation.

SpyEye registered keystrokes, comprising online access information on bank accounts, and incorporated the compromised systems into a botnet. Its gravity is based on the fact, that it can control the current online banking procedures and redirect transfers. However, it views the web browser's access to the website of certain monetary organizations. Depending on the verification mechanism that needs the bank application, it adds impulsively HTML code in the page that is open on the screen of the user.

Additional versions fade in on usual login page for extra query columns, which should be extracted for the user further transactions needed columns.

Commenting on the matter, Einar Oftedal, Director of malware Detection, stated that, Norman, previously February (2011), while working with numerous banks in Norway, found a particular type of SpyEye that cybercriminals have lately developed, as reported by HELP NET SECURITY on March 09, 2011.

He further stated that, this variant of SpyEye has also attacked other banks situated in Europe and Asia. It could simply be customized to work against any bank in any of the nation. Net banking users in North America and Europe should be quite alert to protect themselves against such online risks.

Not just Norman, but Security Firm 'Seculert' had also announced during February (2011) that, SpyEye Trojan is a novel threat that is tough to identify and, similar to Zeus Trojan, it targets innocent netizens' bank accounts.

However, this specific type of SpyEye just attacks the initials login column on a banks' legal webpage, stealing login credentials and quickly and illegitimately transferring money until the application times out in around 20 seconds.

» SPAMfighter News - 3/19/2011