Finjan warns over new banking Trojan

October 1, 2009 | 14:59

Tags: #anti-virus #banking-trojan #firefox #internet-explorer #malware #theft #trojan #virus

Companies: #finjan #opera

Security researchers have discovered a new Trojan doing the rounds - and this is a particularly insidious bug, quietly siphoning money from your bank account and hiding its actions.

According to CNet, the Trojan - dubbed URLZone - is part of a design-your-own toolkit discovered by researchers working for security firm Finjan. Capable of exploiting holes in most major browsers - Firefox, Internet Explorer versions 6, 7, and 8, and Opera - the Windows-only executable uses a variety of tricks to avoid detection and remain active long enough to siphon money from on-line banking systems.

Capable of being customised to tailor its attacks to any bank, the particular version analysed by Finjan's researchers was targeting a German bank - and not without success. During a 22-day monitoring period in August, Finjan was able to access the command and control server to which the Trojan reported and watch it steal around £273,000 from "a few hundred" accounts. The company's research also unveiled a somewhat worrying 7.5 percent infection rate, with around 6,400 of the 90,000 visitors to the server hosting the malware becoming infected.

In order to hide its activities, the Trojan can be customised with a minimum and maximum transfer amount - high enough to be worth the risk, but low enough to avoid the anti-fraud systems in place at the bank that the Trojan is targeting being triggered. The system can also be programmed to leave a certain amount of available balance in the account - thus avoiding alerting the user with e-mails that they are likely to go overdrawn.

The Trojan then silently intercepts communication between the browser and the bank's site, altering information on the fly and ensuring that the available balance shown to the user remains static - meaning that as far as the end user is concerned, the illegitimate transactions never appear on screen at any time.

Now that this version of the Trojan has been analysed, detection should be forthcoming in the major anti-virus packages. However, modified versions will likely be coming thick and fast in the coming months - and there will always be a gap between a new piece of malware being released and detection being added to anti-virus applications. As usual, a defence-in-depth model seems most appropriate: don't click strange links, keep your system up to date, and use something like NoScript to disable untrusted JavaScript.

As is so often the case, Mac OS and Linux users are unaffected by the Trojan, which is written specifically to run on Windows-based machines.

Does the thought of a Trojan so insidious fill you with fear, or did you always know that on-line banking was a bad idea? How do you ensure your safety - and that of your less-technical family and friends - on the Internet? Share your thoughts over in the forums.
Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04