Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A new botnet has been detected that steals passwords and login credentials and has targeted more than 100 financial and banking domains.
The Jericho botnet was a variant of banking trojans like Jorik, according to Palo Alto Networks which discovered 42 samples of the malware.
Each unique but related botnet sample was delivered from Israeli IP space, but the engineering of the file appears to be of Romanian origin. The majority of URLs used to deliver the malware ended in ierihon.com (Ierihon means “Jericho” in Romanian).
The malware was designed to avoid traditional signature-based anti-virus detection and could inject itself into the Windows logon to maintain persistence on the infected host after a reboot.
"What was a bit more interesting was just how efficient the malware was at injecting itself into valid applications such as Firefox, Chrome, Java, Outlook and Skype, and then repurpose their capabilities," the company said. "This not only enables the malware to hide within approved applications during run time, but it also means that standard methods for observing Windows API calls are subverted.”
The top anti-virus solutions detected 3.2 per cent of the 42 samples analysed, a number that increased to 39 per cent over a week.
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
