Trend Micro Suggested for Silently Robbing Victim’s Bank Account, Automated Systems are Being Used by Cybercriminals
Cybercriminals are by means of an automated system to silently rob bank account without having online at the same time. According to new white paper "automating online banking fraud" released currently by security firm trend micro.
Automatic transfer system (ATS) which is a new technique is now used in combination with famous crime ware kits to form a "man-in-the-browser" (MitB) attack that can evade online security banking measures, trend micro researchers said in the paper, a new cyber crime tool.
Security researchers focused on how two famous crime ware kits Zeus and Spy Eye, used these tools to silently transfer funds from one account to other-all while staying under radar.
ATS remains invisible whereas weblnject files which exhibit pop-ups to attract the victim to steal the credentials. ATS also do not motivate the display of pop-ups and executed several task as examining account balance and performing wire transfers employing victim credentials without warning them, explained white paper.
ATS script also changed account stability and hide illegal transaction to conceal traces of their occurrence to victims. Until the system remains contaminated with an ATS, the users are not allowed to see illegal transaction made from his/her accounts.
"What we have observed in last three months is more updated and the automation of bypassing two-factor authentication and achieving a man-in-the-browser attack," said by Tom Keller man, vice president of cyber security for trend micro, as published by dark Reading dated June 18,2012.
Germany, United Kingdom and Italy are the countries that mostly suffer from ATS attacks because of more cybercriminal demands for ATSs targeting them. Also there are some banks in the above countries are insufficiently secured does not help.ATSs targeting German banks are quiet common place. These are also widely available and utilized," the whitepaper continues.
Trend micro finally explained by predicted that cybercriminals will carry on to improve ATSs, as these can prove to be a good source of income. Defense against ATS attacks should start with blocking the initial infection which can come in the form of phishing emails or drive-by downloads from malicious or compromised legal sites.
Related article: Trend Micro Warns of Flaw in its Anti-Virus
» SPAMfighter News - 27-06-2012