Bigger Threat Posed by Banking Trojans
The Trojan programs have hiked up alarmingly which aim mainly at the banking information and activity of computer users and this situation is supposed to worsen in the future. The IT security experts at the Hack In The Box Security Conference (HUITBSecConf), organized from 3rd to 6th September 2007 in Kuala Lumpur, reported about the threat.
The unsuspected user is attacked by Trojan (which otherwise lies inactive) when he or she accesses the banking Website. The Trojan attacks either by attempting to piggyback on a valid connection to secretly make counterfeit transactions or by sending the authentication information to the attacker after collecting it.
The chief research officer at security company F-Secure, Mikko Hypponen, stated that even Malaysian sites are being aimed at and it poses a big threat though not many cases have been reported so far, as reported by thestaronline on 11th September 2007.
The problem of banking Trojan is of more concern than phising attacks where, for example, hackers might make up phony Websites imitating real banking sites, added Hypponen. Phising filters can help in protecting users satisfactorily if used properly and cannot get any worse than what it is at present. Although the user had taken precautions to log on to genuine Website, and which had the connection protected by encrypton, hackers could successfully steal money, added Mikko Hypponen.
According to Lance Spitzner, the Honeynet Project's President, an organization mainly concerned to improve the Internet security, the malevolent software writers are creating complicated codes targeting to make millions of dollars, as per the news reported by Zdnet.com on 7th September 2007.
Spitzner also added that the techniques used by hackers are rapidly changing and thus, it is difficult to keep pace with them. For the criminals, its all coming back on investments as by changing the techniques frequently, they can make more money.
Many organized centres for cybercrime that steal all types of account password and username have come up all over the world. Cyber-criminals are gathering information for online gaming Websites, stock brokerages and enoromous multiplayer online role-playing game (MMORPG) sites.
» SPAMfighter News - 25-09-2007