Banking Trojan that steals money

By siliconindia   |   Wednesday, 30 September 2009, 19:12 IST
Bangalore: Finjan, a security firm, has discovered a new type of banking Trojan horse that steals money from users when they log into their bank accounts. The Trojan steals money from the user's account and leaves behind a fake balance. It is called URLzone and has features designed to avoid fraud detection systems, which are triggered by unusual transactions. "It's a next generation bank Trojan. This is part of a new trend of more sophisticated Trojans designed to evade antifraud systems," Yuval Ben-Itzhak, Chief Technology Officer at Finjan, told CNET.

A user gets infected by this Trojan by opening an e-mail and clicking on a link to a website created to distribute malware, or by visiting a site that has been compromised and has malware hidden on it. The malware toolkit is called LuckySploit; it exploits the browser and installs the Trojan on the computer. The Trojan stays dormant until the user visits the bank's site. When the user checks his or her account online, the Trojan checks the balance and calculates how much money to steal from the account on the basis of that balance. It then withdraws a reasonable amount of money from the bank account, one that will not trigger the fraud detection system.

According to Ben-Itzhak, 90,000 computers visited the sites housing the malware and 6,400 of them were infected (7.5 percent success rate). Of these, a few hundred visited their online bank accounts. Over a span of 22 days in mid-August, the criminals behind the Trojan stole nearly $438,000. Currently, the target of this Trojan is an unnamed bank in Germany. A command-and-control server in Ukraine sends instructions to the Trojan software sitting inside the infected PCs. Finjan has notified German law enforcement authorities, Ben-Itzhak said.

The Trojan is so well programmed that it covers its tracks after stealing money. It hides the theft by erasing it from the report of account activity displayed to the computer user and shows a fake balance. A user will not know the real balance unless he checks his account from an uninfected computer or an ATM.