Trojan nabs 1000 customers at National
- — 16 June, 2006 11:19
A hoax e-mail which claims the National Australia Bank is bankrupt has already infected 1000 customers with malicious code in the form of a trojan.
The e-mail is sent specifically to NAB customers globally, as well as the customers of up to 12 other banks worldwide.
The scam works via a hoax e-mail sent to NAB customers, which says "People are starting panic withdrawals, some of the accounts were reported closed due to technical reasons, many ATMs are not operating. Does it seem that one of the Australia's greatest goes bankrupt?"
"The full story can be found here: [Malicious URL]" Well, hope that isn't true... Anyway you'd rather check your balance."
NAB customers are asked to click on a URL that loads trojan-style code onto a user machine which automatically saves and sends password and login details to a third party when the user goes to the actual bank Web site.
The malicious Web site, and code, was first discovered by Websense labs in Australia on April 5, 2006. The code directly affects a flaw discovered in Internet Explorer, for which a patch was released on April 11 this year. Mozilla Firefox users are also at risk.
Joel Camissar, Websense Australia manager said the trojan monitors Internet Explorer sessions and waits for users to access one of 12 financial Web sites. Once a login process has begun the trojan creates a customized pop-up window designed to mimic the actual bank log-in page.
"Just by viewing a Web site infects people with this Trojan, but because of an unpatched vulnerability in the Microsoft Operating System just viewing the Web site, which the URL sent in the mail links to downloads, the payload and the user will not realize it until they are infected," Camissar said.
"People have to be silly to believe the National Australia Bank is bankrupt.
"The trojan has now been named "hackdoor" and is a variant of the original "banker" virus we (Websense) discovered on April 5."
The National Australia Bank has since released a statement reminding customers of the dangers in responding to malicious e-mails.
A spokesperson for the NAB said the difference between this scam and phishing e-mails is that "bankruptcy" is packaged as a rumour.
"We are directing customers to call our security line if they have clicked on this URL link, to ensure we can help them and ensure the safety of their personal accounts and personal information," she said.