More Trouble from Banking Trojans

Sue Marquette Poremba

It looks like we're back to worrying about banking Trojans. This time, a particular Trojan tricks users into essentially stealing from themselves and transferring funds directly into the cybercrooks' account.


According to a post on Krebs on Security by Brian Krebs:

The German Federal Criminal Police (the "Bundeskriminalamt" or BKA for short) recently warned consumers about a new Windows malware strain that waits until the victim logs in to his bank account. The malware then presents the customer with a message stating that a credit has been made to his account by mistake, and that the account has been frozen until the errant payment is transferred back.

Then, when the user checks his account, Krebs continued, the malware makes a modification to the amount shown:

It appears that he has recently received a large transfer into his account. The victim is told to immediately make a transfer to return the funds and unlock his account. The malicious software presents an already filled-in online transfer form - with the account and routing numbers for a bank account the attacker controls.

PC World also had an article about banking Trojans, this one about a new variation of SpyEye designed to circumvent the new security features banks have added. The article said:

Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.

SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That's a key trigger for banks to block a transaction. So SpyEye's authors are now trying to mimic -- albeit in an automated way -- how a real person would navigate a website.
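The session checks PC World describes can be sketched as a comparison against each customer's own baseline. This is an added example, not code from the article or from any bank; the field names, sample sessions and z-score threshold are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed baseline for one customer (hypothetical field names):
# pages = pages viewed, dwell = mean seconds per page,
# txn = seconds from login to submitting a transfer.
BASELINE = [
    {"pages": 7, "dwell": 21.0, "txn": 140.0, "region": "Miami"},
    {"pages": 9, "dwell": 18.5, "txn": 171.0, "region": "Miami"},
    {"pages": 6, "dwell": 25.0, "txn": 155.0, "region": "Miami"},
    {"pages": 8, "dwell": 19.0, "txn": 162.0, "region": "Miami"},
    {"pages": 7, "dwell": 23.5, "txn": 149.0, "region": "Miami"},
]

# Constructed sessions to score.
NORMAL = {"pages": 8, "dwell": 20.0, "txn": 158.0, "region": "Miami"}
FAST = {"pages": 2, "dwell": 1.5, "txn": 4.0, "region": "Miami"}
PACED = {"pages": 7, "dwell": 20.0, "txn": 150.0, "region": "Miami"}
TRAVEL = {"pages": 7, "dwell": 22.0, "txn": 150.0, "region": "St. Petersburg"}


def score_session(session, baseline=BASELINE, z_limit=3.0):
    """Return the reasons a session deviates from the customer's baseline."""
    reasons = []
    for field in ("pages", "dwell", "txn"):
        values = [s[field] for s in baseline]
        mu, sigma = mean(values), stdev(values)
        # Guard against a baseline with no variation in this field.
        z = 0.0 if sigma == 0 else (session[field] - mu) / sigma
        if abs(z) > z_limit:
            reasons.append(f"{field} z={z:.1f}")
    # Location check: a region never seen for this customer is its own signal.
    if session["region"] not in {s["region"] for s in baseline}:
        reasons.append(f"new region {session['region']}")
    return reasons


if __name__ == "__main__":
    for name, s in [("normal", NORMAL), ("fast", FAST),
                    ("paced", PACED), ("travel", TRAVEL)]:
        print(name, score_session(s) or "no findings")
```

The paced session comes back with no findings, which is the point of the last quoted paragraph: timing checks alone miss automation that imitates human pacing, so they have to be combined with other signals.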

The Register refers to the cybercrooks as "scumbags" in its article about the banking Trojan. I think that's a pretty accurate term.
