Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A new banking trojan called URLZone enabled cybercriminals to steal roughly US$439,000 ($A496,000) from German bank accounts during a recent 22-day crime spree, according to researchers at web security firm Finjan.“So far, this is the most sophisticated bank trojan that we have seen,” Yuval Ben-Itzhak, CTO of Finjan, told SCMagazineUS.com. Details of the URLZone trojan, which not only retrieves banking credentials but also steals money from compromised accounts, were revealed in the third issue of Finjan's 2009 Cybercrime Intelligence Report, released this week. Other notorious banking trojans, such as Zbot, only aim to steal credentials, which later are used by attackers to log into a victim's account to steal money. But with URLZone, the transaction takes place from an infected user's machine, Ben-Itzhak said. In addition, the trojan was crafted to include several sophisticated features that help attackers avoid detection from anti-fraud systems and victims.The trojan began propagating in mid-August, according to Finjan. The malware writers used a software tool known as LuckySploit, available on hacking forums for US$100 to US$300, to inject vulnerable legitimate websites with malicious code that aims to install the trojan onto users' computers. The malware exploited vulnerabilities in Internet Explorer (IE) 6, IE7, IE8, Firefox and Opera, Ben-Itzhak said. Out of 90,000 individuals who visited one of the compromised sites, 6,400 were infected with the trojan -- or one out of every 14 to 15 visitors. Once a user was infected, the trojan received instructions from the attackers command-and-control server, hosted in Ukraine, to steal a certain amount of money from the victim's bank account and transfer it to the account of a so-called “money mule.” Money mules are individuals who have been unwittingly hired by cybercriminals under the guise of work-at-home schemes. They are tasked with transferring the stolen money, after a deduction of their own commission, into a bank account provided by the attacker. Attackers also sent instructions to the trojan to ensure that the amount of money stolen did not deplete the victim's account and that a random amount is stolen each transaction, indicating attackers had an understanding of banking anti-fraud systems, which are designed to detect unusual transactions. In an even more sophisticated ploy, the trojan altered the victim's online banking page to change the amount of the transfer to a smaller number. In one transaction, the cybercriminals stole more than US$8,000, but to the victim it appeared as a US$53 transaction. Finjan discovered the hub used in the attack on August 24, and it is no longer running, Ben-Itzhak said. German law enforcement was notified. See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.