Posts Tagged ‘banking Trojans’

A botnet called Qbot is reported to have infected over 500,000 systems.

Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe.

According to Proofpoint, the attacks are of the drive-by download type and are carried out with the help of compromised sites on the WordPress platform.


Trojan via Skype

An updated version of the Shylock banking malware has become publicly available.

According to security experts from the Danish company CSIS Security Group, a publicly available update to the banking trojan Shylock began spreading last week. One of the new features is the ability of the virus to spread through Skype.

This addition allows the trojan to send messages and malicious files through the client of the popular VoIP service installed on the infected system. In doing so, Shylock is able to bypass Skype's warning messages and to erase traces of its activity from Skype's history.

Earlier versions of the trojan already implemented the ability to spread through instant messaging services such as MSN Messenger and Yahoo Messenger. The virus sends malicious links to random contacts in these applications.

In the course of their operation, botnets and banking trojans collect a large number of passwords.

Usually only login credentials for financial services, such as online banking, are of interest to attackers. But what is to be done with the rest of the information, so that it does not go to waste? The well-known IT security researcher Brian Krebs found out how much passwords for ordinary sites, such as online stores and social networks, sell for. It turns out that there is a certain demand for them too. The typical price of such an account on the retail market is two dollars. Some accounts for rarer and more exotic services can sell for more, others for less.

From an ordinary user's computer it is possible to take a hundred passwords for different sites, a few dozen of which may be suitable for sale. For example, an online store account with a purchase history, a Facebook account with a large number of friends, accounts of delivery services of and (for fraudulent schemes of redirecting goods), etc.

Remote banking and electronic payments via the Internet have made our lives more comfortable – banking operations can now be performed from any location with Internet access, without visiting a bank office.

However, we must constantly ask ourselves: how well is our equipment protected from banking malware? Do we update our browsers and operating systems in a timely manner? It is known that about 85% of Internet users neglect to regularly install the latest OS and application patches, thereby almost tripling the likelihood that their digital devices will be compromised.

The number of programs that steal online banking data is growing rapidly, and the infection rate of banking malware has increased sharply. Take, for example, the rapid spread of the Citadel malware. This Trojan is designed specifically to attack Internet users and has been continuously improved since its introduction. Citadel is based on the code of one of the oldest and most popular pieces of malware in the hacker community, the Zeus bot. Since its release into the open, the Zeus code has served as the basis for the development of a number of banking Trojans, such as the latest versions of IceIx and Citadel.

Just like Zeus, Citadel is sold on the black market in the form of development kits that include the code and tools for its further improvement. The development kits allow cybercriminals to quickly and easily refine and customize the Trojan according to their needs and the characteristics of their botnet's command infrastructure. Citadel's authors went further, launching an online platform through which customers can request options from the Citadel authors, report bugs, and even offer modules that extend the functionality of the Trojan. Thus, the malware has turned into a full-fledged service, and the hacker community and their customers into a full-fledged social network!


Browser extension

Antivirus specialist Zoltan Balazs announced the creation of a special program that looks like a browser extension and performs almost all the functions typical of malware.

In particular, Balazs's extension supports remote control, modification of viewed web pages, downloading and executing external code, theft of login credentials for various services, bypassing two-factor authentication on websites, and more. Among other things, Balazs promises to publish the program code in a public GitHub repository as experimental confirmation of his findings about the vulnerabilities of modern browsers.

Balazs himself works in the Hungarian branch of the well-known consulting firm Deloitte. With his product, he decided to show what risks a browser extension can pose and to draw the antivirus industry's attention to this problem. Prior to the open publication, Balazs shared his code with the major vendors.

Cases of browser extensions being used for criminal activity are already known. For instance, in May of this year, an extension for the Chrome browser was discovered that inserted fake advertising into Wikipedia pages. However, so far malicious extensions have mainly served for online advertising fraud or for redirecting search queries to a fake website. Balazs's development shows that such extensions can be used for more serious attacks.