Trojan attack warning

Update your browsers!

An international gang of cyber crooks is plotting a major campaign to steal money from the online accounts of thousands of consumers at 30 or more major US banks, security firm RSA warned.

In an advisory Thursday, RSA said it has information suggesting the gang plans to unleash a little-known Trojan program to infiltrate computers belonging to US banking customers and to use the hijacked machines to initiate fraudulent wire transfers from their accounts.

If successful, the effort could turn out to be one of the largest organized banking-Trojan operations to date, Mor Ahuvia, cybercrime communications specialist with RSA’s FraudAction team, said today. The gang is now recruiting about 100 botmasters, each of whom would be responsible for carrying out Trojan attacks against US banking customers in return for a share of the loot, she said.

[…] The latest discussion suggests that they now have individual consumer accounts in their crosshairs, Ahuvia said, warning that the gang plans to attempt to infiltrate computers in the US with a little-known Trojan malware program called Gozi Prinimalka.

The malware is an updated version of a much older banking Trojan, Gozi, which was used by cyber criminals to steal millions of dollars from US banks. The group’s plan apparently is to plant the Trojan program on numerous websites and to infect computers when users visit those sites.

The Trojan is triggered when the user of an infected computer types out certain words — such as the name of a specific bank — into a URL string.

Unlike the original Gozi, the new version is capable not only of communicating with a central command-and-control server but also of duplicating the victim’s PC settings. The Trojan essentially supports a virtual machine cloning feature that can duplicate the infected PC’s screen resolutions, cookies, time zone, browser type and version and other settings. That allows the attacker to access a victim’s bank website using a computer that appears to have the infected PC’s real IP address and other settings, Ahuvia said.

2 thoughts on “Trojan attack warning”

  1. Those articles frustrate the hell out of me. Which operating systems are vulnerable? If it’s OS-independent, which browsers are vulnerable? Which versions are current enough to be immune to this particular set? Should you turn off all scripts, or doesn’t that matter in this case? Is it just a click-on-the-link type of thing? How about junk email? Etc., etc., etc.

    All they have to say is, “Woo! Scary!” with not one hint about what might be useful to do. Except for the constant (and stupid) “update your browser.” That may or may not help. It depends, and they tell us nothing about those dependencies.

    (Not carping at you, susie. Carping at the article.)
