Another Banking Trojan Captures Users’ Account Data
A recently emerged Trojan captures the banking data of unwitting users: it steals their account information, which is then encrypted and sent to the attacker's main database.
Symantec Corp., provider of security software, has dubbed the new Trojan Trojan.Silentbanker. This malware is capable of intercepting Internet banking transactions that are normally protected by two-factor authentication. While an online banking transaction is in progress, Silentbanker replaces the target user's bank account data with the attacker's, while displaying everything the user expects to see in response to the details entered for the transaction. Because the user is unaware that the account data has changed, he unknowingly transfers funds to the criminal's account after keying in his password for the second authentication step.
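An added example, not from the article or from Symantec: a sketch of why a second factor that authenticates only the user still approves a transfer whose account number was swapped in the browser, while a code computed over the payee and amount is rejected. The key, account labels, amounts and function names are constructed, and the bound code assumes the user confirms the details on a device outside the browser.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; shared by the bank and the user's token

def _code(msg: bytes) -> str:
    """Authentication code from HMAC-SHA256 (real tokens shorten this to a few digits)."""
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:12]

def session_code(counter: int) -> str:
    """Second factor that proves only that the user is present."""
    return _code(counter.to_bytes(8, "big"))

def transaction_code(counter: int, payee: str, cents: int) -> str:
    """Second factor bound to the payee and amount shown on the token."""
    return _code(counter.to_bytes(8, "big") + f"|{payee}|{cents}".encode())

def bank_accepts(request: dict, code: str, counter: int, bound: bool) -> bool:
    """Bank-side check, computed over the request as the bank received it."""
    if bound:
        expected = transaction_code(counter, request["payee"], request["cents"])
    else:
        expected = session_code(counter)
    return hmac.compare_digest(expected, code)

def simulate() -> dict:
    # Constructed sample data: what the user entered versus what reached the
    # bank after the account number was changed inside the browser.
    intended = {"payee": "ACCT-USER-INTENDED", "cents": 25_000}
    received = {"payee": "ACCT-SUBSTITUTED", "cents": 25_000}
    counter = 7
    # The user generates each code for the details they believe they entered.
    otp = session_code(counter)
    bound = transaction_code(counter, intended["payee"], intended["cents"])
    return {
        # Session-only code says nothing about the payee, so the swap goes through.
        "session_code_tampered": bank_accepts(received, otp, counter, bound=False),
        # Bound code was computed over the intended payee, so the swap is detected.
        "bound_code_tampered": bank_accepts(received, bound, counter, bound=True),
        # The same bound code still approves the request the user actually made.
        "bound_code_untampered": bank_accepts(intended, bound, counter, bound=True),
    }

if __name__ == "__main__":
    for case, accepted in simulate().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```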
According to Liam Omurchu, Security Researcher at Symantec, Silentbanker could also divert users to the server from which the attack originates. Omurchu posted this warning on Symantec's Security Response blog on January 14, 2008.
In December 2007, when Symantec first reported the banking Trojan, the anti-virus firm labeled it a 'very low risk' threat. However, Omurchu notes that recent observations of the Trojan's behavior indicate that it is potentially more threatening than previously thought.
According to Symantec, the Trojan can be downloaded or quietly delivered through the exploitation of web flaws. Once installed on a system, it can attach itself to the APIs in both Firefox and Internet Explorer. Once attached to the browser, it engages in all kinds of mischief: redirecting banking requests to the attacking server, modifying the HTML code of pages the user views, intercepting usernames and passwords, and capturing screenshots of the web pages the user browses.
In addition, Silentbanker downloads a configuration file that includes the domain names of over 400 banking sites across the world, Omurchu said.
Silentbanker isn't the only Trojan to attack online bank accounts. In late 2007, security company SecureWorks discovered the 'Prg Banking Trojan' that affected numerous bank customers in the UK, the US, Spain and Italy.
» SPAMfighter News - 24-01-2008