Wednesday, 28 October 2009

URLZone, A Newly Discovered Banking Trojan Rewrites History!!!



Well, it's official... Clampi, Zeus and Conficker are NOT alone. I said in earlier posts that it would only be a matter of time before another threat to online banking reared its ugly head. Now I had to update my War of the World Wide Web graphic to include this one... (below)

I must admit, I didn't think it would happen this quickly. Again... it avoids detection (see what I mean about prevention being better?) and it takes advantage of the inherent weaknesses in the browser... and the fact that we stupidly (sorry... naivete is no longer an excuse) continue to "type" versus "swipe" when we authenticate ourselves online.

Introducing URLZone, a NEW Banking Trojan. You know what IT does? It steals the user's online bank account log-in information, accesses your account, begins draining it and rewrites the code to cover it up. You think I'm kidding, right?

Oh...but I'm not...

New Malware Re-Writes Online Bank Statements to Cover Fraud

According to Wired, the malware, called URLZone, infects a computer when the user visits a compromised site, or a site set up by hackers.

Then, the program steals the user's bank account log-in information (because it is TYPED) and begins draining funds that it then sends to other designated accounts. However, the victim doesn't realize the money is missing because the program rewrites the text in the HTML code. So, when the browser displays the page, it looks like either no money has been stolen or just a small amount has been transferred.

Think it's time to start accessing our online bank accounts without typing yet?  No?  Read on:

The new Trojan, called URLZone, features a number of innovations not widely seen in Internet crime. For example, the Trojan can estimate precisely how much money to steal based on how much dough you have in your account, and can even siphon money in small increments to evade detection.




"It's a next generation bank Trojan," Yuval Ben-Itzhak, chief technology officer at Finjan, a cyber-security firm, told CNET News.com. "This is part of a new trend of more sophisticated Trojans designed to evade anti-fraud 'detection' systems."

The infected machines ended up with a bank Trojan – in this case, the URLzone bank Trojan. This nasty piece of crimeware has the following features:

  • It logs credentials and activities of bank accounts
  • It takes screenshots of webpages served by the websites mentioned before
  • Installed on the victims’ machines, it steals money from the compromised accounts
  • It hides its fraudulent transaction(s) in the report screen of the compromised account
  • Its C&C server sends instructions over HTTP about the amount to be stolen and where the stolen money should be deposited
  • It also logs and reports on other web accounts (e.g., Facebook, PayPal, Gmail) and banks from other countries

A Trojan horse is a type of malware -- or malevolent software -- that allows criminals unauthorized access to the user's computer system. Details of URLZone appear in a new report by Finjan's Malicious Code Research Center.

URLZone takes advantage of vulnerabilities in web browsers, including Firefox and Internet Explorer, then executes a program on Windows systems -- which means if you're running a Mac, you're safe. For now!
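
A defender's cross-check for the statement rewriting described above, as an added example that is not from this post, Wired or the Finjan report: it compares transactions obtained out of band with what the browser displayed and flags hidden rows, understated amounts and a balance gap. The record layout, field names and every sample value are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample data; field names and values are assumptions.
# TRUSTED: ledger obtained out of band (paper statement, phone banking, clean device).
TRUSTED = [
    {"id": "T1001", "payee": "Electric Co", "amount": Decimal("82.10")},
    {"id": "T1002", "payee": "J. Doe", "amount": Decimal("4300.00")},
    {"id": "T1003", "payee": "Grocer", "amount": Decimal("54.25")},
    {"id": "T1004", "payee": "R. Roe", "amount": Decimal("2750.00")},
]
# DISPLAYED: what the browser on the possibly infected PC rendered.
DISPLAYED = [
    {"id": "T1001", "payee": "Electric Co", "amount": Decimal("82.10")},
    {"id": "T1002", "payee": "J. Doe", "amount": Decimal("43.00")},   # understated
    {"id": "T1003", "payee": "Grocer", "amount": Decimal("54.25")},
]                                                                    # T1004 missing
TRUSTED_BALANCE = Decimal("1813.65")
DISPLAYED_BALANCE = Decimal("8820.65")


def reconcile(trusted, displayed, trusted_balance, displayed_balance):
    """Return (kind, transaction id, amount) where the browser view and ledger differ."""
    shown = {t["id"]: t for t in displayed}
    findings = []
    for t in trusted:
        seen = shown.pop(t["id"], None)
        if seen is None:
            # Transfer exists at the bank but was not rendered at all.
            findings.append(("hidden", t["id"], t["amount"]))
        elif seen["amount"] != t["amount"] or seen["payee"] != t["payee"]:
            # Row rendered, but with a different amount or payee.
            findings.append(("altered", t["id"], t["amount"] - seen["amount"]))
    for tid, row in shown.items():
        # Row the browser showed that the trusted ledger does not contain.
        findings.append(("unknown", tid, row["amount"]))
    gap = displayed_balance - trusted_balance
    if gap != 0:
        findings.append(("balance_gap", None, gap))
    return findings


def concealed_total(findings):
    """Money that left the account without being visible in the browser view."""
    return sum((a for k, _, a in findings if k in ("hidden", "altered")), Decimal("0"))


if __name__ == "__main__":
    result = reconcile(TRUSTED, DISPLAYED, TRUSTED_BALANCE, DISPLAYED_BALANCE)
    for finding in result:
        print(finding)
    print("concealed:", concealed_total(result))
```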
