Publications
Partners
Cape Town - The rise of online banking has given birth to a new form of cybercrime, namely the theft of payment information, according to Nikolay Grebennikov, CTO at Kaspersky Lab.
He warns that fraudsters keep developing new ways of bypassing protective systems for financial data.
In 2012 alone Kaspersky Lab detected more than 3.5 million attempted ZeuS Trojan attacks on 896 000 computers in different countries.
According to Wikipedia a Trojan horse (or Trojan) is a hacking program, which gains privileged access to the operating system while appearing to perform a desirable function.
It drops a malicious payload, often including a backdoor allowing unauthorized access to the target's computer.
These backdoors tend to be invisible to average users, but may cause the computer to run slowly. Trojans do not attempt to inject themselves into other files like a computer virus.
Grebennikov said banking Trojans are the most dangerous kind of specialised malware. Once installed on a victim’s computer a Trojan, as a rule, automatically collects all payment data, and sometimes even conducts financial transactions on the victim’s behalf.
Criminals use multi-targeted banking Trojans, able to attack customers of different banks and payment systems, as well as Trojans targeted at a specific bank’s customers.
Criminals may send out Trojans in phishing letters, which lure a user into following a link or opening an attached file that turns out to be malicious.
For mass distribution of banking Trojans they also actively exploit vulnerabilities in Windows and popular applications.
After furtively penetrating the system, exploits load a Trojan on to an infected computer. In order to attack more efficiently, criminals use exploit packs - a set of various exploits for different vulnerabilities.
Once on an infected computer, Trojans use the following techniques:
* Intercepting keyboard input. Trojans detect key strokes, which help perpetrators steal the account data of online banking users;
* Making screenshots of a form with financial data entered;
* Bypassing virtual keyboards, giving criminals details of the symbols clicked on a virtual keyboard;
* Changing hosts' files, which redirect users to fake websites even when the address of a legal site is entered manually;
* Injection into browser processes lets Trojans control browser connections to a server.
The perpetrators can gain account data, which the user enters at a bank site, as well as modifying the contents of the online banking entry page with additional forms (webInject).
They can, for instance, request a credit card number, owner's name, expiration period and secret word. In this way perpetrators gain access to additional confidential information.
Moreover, banking Trojans are able to bypass additional security layers such as two-factor authentication with one-time passwords (TAN codes).
One of the approaches the ZeuS Trojan uses works like this: As soon as the victim enters an online banking system and inputs a one-time password, the malware displays a fake notification stating the existing list of TAN costs is invalid and inviting the user to get a new list of passwords.
To do this the victim needs to enter all available TAN-codes into the relevant form, created by ZeuS through the webInject method, for “further blocking”.
As a result the criminals acquire all the victim’s codes, and can immediately use them to transfer the money to their own accounts.
- Fin24
He warns that fraudsters keep developing new ways of bypassing protective systems for financial data.
In 2012 alone Kaspersky Lab detected more than 3.5 million attempted ZeuS Trojan attacks on 896 000 computers in different countries.
According to Wikipedia a Trojan horse (or Trojan) is a hacking program, which gains privileged access to the operating system while appearing to perform a desirable function.
It drops a malicious payload, often including a backdoor allowing unauthorized access to the target's computer.
These backdoors tend to be invisible to average users, but may cause the computer to run slowly. Trojans do not attempt to inject themselves into other files like a computer virus.
Grebennikov said banking Trojans are the most dangerous kind of specialised malware. Once installed on a victim’s computer a Trojan, as a rule, automatically collects all payment data, and sometimes even conducts financial transactions on the victim’s behalf.
Criminals use multi-targeted banking Trojans, able to attack customers of different banks and payment systems, as well as Trojans targeted at a specific bank’s customers.
Criminals may send out Trojans in phishing letters, which lure a user into following a link or opening an attached file that turns out to be malicious.
For mass distribution of banking Trojans they also actively exploit vulnerabilities in Windows and popular applications.
After furtively penetrating the system, exploits load a Trojan on to an infected computer. In order to attack more efficiently, criminals use exploit packs - a set of various exploits for different vulnerabilities.
Once on an infected computer, Trojans use the following techniques:
* Intercepting keyboard input. Trojans detect key strokes, which help perpetrators steal the account data of online banking users;
* Making screenshots of a form with financial data entered;
* Bypassing virtual keyboards, giving criminals details of the symbols clicked on a virtual keyboard;
* Changing hosts' files, which redirect users to fake websites even when the address of a legal site is entered manually;
* Injection into browser processes lets Trojans control browser connections to a server.
The perpetrators can gain account data, which the user enters at a bank site, as well as modifying the contents of the online banking entry page with additional forms (webInject).
They can, for instance, request a credit card number, owner's name, expiration period and secret word. In this way perpetrators gain access to additional confidential information.
Moreover, banking Trojans are able to bypass additional security layers such as two-factor authentication with one-time passwords (TAN codes).
One of the approaches the ZeuS Trojan uses works like this: As soon as the victim enters an online banking system and inputs a one-time password, the malware displays a fake notification stating the existing list of TAN costs is invalid and inviting the user to get a new list of passwords.
To do this the victim needs to enter all available TAN-codes into the relevant form, created by ZeuS through the webInject method, for “further blocking”.
As a result the criminals acquire all the victim’s codes, and can immediately use them to transfer the money to their own accounts.
- Fin24
