that time of month to pay debts, services, investments, payroll and what better to do with the online banking service of your bank. So you access the system, perform the banking operation, receive proof of completion of operation and close the session. Nothing could be simpler, you'd think, at least to discover that the supposed output of the system never happened and it was not until that another user (a hacker), who managed to keep alive the connection with the bank decides.
sounds like espionage game but according to a report of Trsuteer security firm, a new banking Trojan, named Oddjob, has the ability to hold a meeting open online banking users, although he is no longer the site or off the system.
"Although the service users believe they have been safely removed from service, the Trojan keeps the session open, allowing their drivers to obtain large amounts of money or even entire accounts empty," cites Trusteer analysis.
According to experts of the firm Oddjob is a substantial change in the theft of financial information, as the malware does not need to pass or break security controls such as dual-factor Bank authentication, digital cash to steal because it is the user who gets access to the system.
The company has already warned several U.S. financial institutions, Latin America, Denmark and Poland, some of the countries where it has detected the presence and use of the Trojan.
"The most interesting aspect of this malware is that it is in the process of evolution. In recent days we have detected new features, changes or additions to the program services, which receive from your Command Center (C & C). Oddjob sure we continue to evolve to improve data theft, "said Trusteer. Oddjob
While it is not a mass mailing malware, such as Zeus and SpyEye (some with ranges of infection ellso close to 300,000 PCs per week), experts say it has the advantage of being more effective than these two are not breaking locks compromised accounts.
Oddjob has the ability to steal passwords and compromise, inject fake code on websites to spread effectively, but Trusteer adds that their biggest advantage is to leverage existing bank meeting for the digital cash robbery. NetMedia
0 comments:
Post a Comment