Trojan Variant Helps Loot Bank Accounts in Four Countries
A crew of German hackers is using a customized Trojan in well-crafted and highly targeted phishing attacks to rob commercial accounts at banks in four different countries, a security researcher said on December 13, 2007, as reported by ComputerWorld.
Don Jackson, senior security researcher at SecureWorks, who discovered the Trojan six months earlier in June 2007, said that the malware is truly state-of-the-art fraud code. The custom-built Trojan is one step ahead of man-in-the-middle attacks. ChannelWebNETWORK reported this on December 13, 2007.
In another statement, Jackson said that although the Trojan has not spread widely, it is quite dangerous. The criminals have already stolen over $200,000 from the bank accounts while managing to escape notice. ComputerWorld published Jackson's statement on December 13, 2007.
Jackson further said that so far, he has come across four servers containing Prg-configuration files, fake copies of legitimate banking websites, and stores of data that the Trojan harvested.
Security researchers describe the attack as a two-stage approach. First, the hackers infect the user's system via malicious links included in e-mails and through iFrames on specially crafted websites, which lead to the installation of info-stealing Trojans. In the second stage, the Trojan captures whatever the victim types into the browser and transfers it to a remote server.
According to SecureWorks, the Trojan mimics the keystrokes of the victim so that online fraud detection devices do not suspect its activity.
Hackers have been quick to use the malware to attack about 20 leading banks in Spain, Italy, the UK and the US. Researchers have found that a Russian UpLevel hacking gang and some German criminals designed and used the banking malware, launching their assaults from data centers in Mumbai (India) and Moscow (Russia).
Jackson thinks law enforcement authorities in Russia are not properly dealing with the criminal gangs operating from the Russian Business Network (RBN) and Russian UpLevel.
Experts projected that the Trojan's future variants would operate from the web to avoid sophisticated spam filters, and that attackers would develop more advanced techniques to improve their seeding.
» SPAMfighter News - 28-12-2007