Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

SpyEye Trojan Targeting Verizon's Online Payment Page

Recently, Trusteer, a network security firm highlighted that, the telecom major Verizon's online payment service has been attacked by the Spy Eye Trojan that places user's payment card and other private information at risk, if the user is a Verizon client, as reported by Examiner on May 18, 2011.

Malware on the victim's system installs a counterfeit billing page after user have logged into his personal account. The page asks for private financial details which are further dispatched to the attacker and utilized for frauds related to credit card fraud.

Trusteer highlighted that, the Trojan alters the pages presented on the victim's web browser and in this specific instance the injected HTML (the code for building Web pages) was utilized to capture payment card-associated data.

Commenting on the matter, Amit Klein, Chief Technology Officer at Trusteer, stated that, the attack is apparent to Verizon clients as the malware waits for the user to log in and access their billing page and only then adds a genuine looking fake web page that asks for private information, as reported by Examiner on May 18, 2011.

He further stated that, as the user has logged on and has navigated through the recognizable billing page, they hold no good reason to believe that this request for payment information is actually fake.

The compromised information includes: First name, last name, City, Street address, state, zip, phone type, phone number, e-mail address, Social Security Number, Mother's Maiden Name, Date of Birth, country of citizenship, Card number, expiration date and CVV.

The SpyEye Trojan makes use of rootkit technology to conceal its existence on the compromised system. Moreover, SpyEye disables with antivirus and other security software to further avert detection. The SpyEye Trojan incorporates a keylogger to steal keystrokes typed on the compromised machines. SpyEye launches a man-in-the-browser attack, downloading malware into Internet Explorer, Chrome, Firefox, as well as Opera.

Conclusively stated that, with the rising occurrence of payment and credit card theft attacking the online properties of service providers, and e-commerce vendors, the payment card industry should take a close view at endpoints as the emerging "weak link" in safeguarding card data against frauds and scams," as reported by HELP NET SECURITY on May 18, 2011.

Related article: SAP Admits the Charges of Downloading Oracle’s Data

» SPAMfighter News - 30-05-2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next