Virus-Powered Phishing Unleashed

November 17, 2004

Security researchers are warning of a new Trojan that hijacks users' banking information, allowing hackers to empty their accounts.

So far this new type of Trojan has been sweeping Brazil and, more recently, Great Britain. But analysts say they expect it to arrive on U.S. shores shortly.

"This is pretty nasty," says Graham Cluley, a senior technology consultant for Sophos, an anti-virus and anti-spam company based in Lynnfield, Mass. "If they grab hold of your user name, password, and PIN number, then potentially they can empty your bank account. This is working in a much sneakier way than your average phishing email."

Cluley says that with users starting to catch on to phishers' email schemes, the hackers are sending out this new type of Trojan. Once the malware infects a Windows PC, it sits silently in the background, waiting for the user to go to an online banking Web site. Once the Trojan detects that the browser is on a banking site, it 'wakes up' and begins capturing keystrokes and taking screenshots. The information is then sent back to the hacker, who uses it to break into the account.

"We've been telling people not to click on the link when they get what looks like a phishing email," says Cluley. "We tell them to go to their bank's site by typing in the Web address in their browser. These Trojans rely on you doing just that... This is much more subtle. It's spying over your shoulder really."

Cluley says the Trojan first reared its head in Brazil, causing a lot of havoc there. It is now attacking Great Britain in full force, targeting users of online banks like Barclays, HSBC, Lloyds TSB and NatWest.

The researcher also notes that he hasn't seen any of the Trojans containing code that specifically targets U.S.-based banks, but he figures it's only a matter of time before that happens.

"I wouldn't be surprised at all," adds Cluley. "Despite the arrests in Brazil, we've seen dozens and dozens of new phishing Trojans coming out. I wouldn't be surprised if it soon turned to American banking customers."

Sophos is warning users to keep their anti-virus software and patches updated, while running a strong firewall.
