Trojan can grab extra personal banking data

A Trojan can add data entry fields to legitimate online banking sites and entice consumers to give up additional information.

A Trojan horse program now available to a growing number of fraudsters can add data entry fields to legitimate online banking sites and entice consumers to give up sensitive information such as bank card numbers and PINs (personal identification numbers).

The Limbo malware integrates itself into a Web browser using a technique called HTML (Hypertext Markup Language) injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions, a division of EMC. Because it's so closely integrated in the browser, it can operate even while the user is at the real bank site and can actually change the layout of that site, he said.

"If phishing were a stock, I would invest in it

"Nothing tells you that something is wrong here, with one exception: You're being asked to provide some information that you were never asked to do before," Rivner said during a briefing for reporters and analysts earlier this week. "If you are convinced that you are now communicating with the bank, the fraudsters can get away with anything they like."

Limbo can get onto a user's computer through many paths, including both pop-up messages that ask you to download an add-on program and methods that are invisible to the user, he said. They sometimes get on to PCs in conjunction with other phishing attacks.

And like other malware programs, Limbo is becoming available to more fraudsters through an underground market that includes a complex supply chain and falling prices, according to Rivner. Limbo costs about US$350, down from about $1,000 a year ago and $5,000 two years ago, he said.

"The big trend here is that it's becoming affordable," Rivner said.

The online fraud marketplace consists of "harvesters" who collect user information and "cashout" operations that use the information to do whatever has to be done to translate that information into money. For example, harvesters may capture credit-card numbers and cashout operations may use those cards to buy products online, have them delivered to an address, and sell them on the black market, he said. The two classes of fraudsters typically meet and do business with each other in IRC chatrooms and dedicated Web forums, where the most successful fraudsters are the ones who develop a reputation for working reliably and honestly with other participants, Rivner said.

Now, some fraudsters are taking a SaaS (software-as-a-service) approach, selling malware, access to botnets and everything else a person needs to become a harvester of data on unsuspecting consumers, according to Rivner. Having paid the price for this service, the harvesters can then take the identities stolen with it and sell them at a profit. The ease of going into business with this model may dramatically increase the volume of online fraud, he said.

"If phishing were a stock, I would invest in it," Rivner said.

At RSA, the encryption giant that became EMC's security business through a US$2.1 billion acquisition in 2006, the target for combatting online banking fraud is the cashing-out step. The company sells software that looks at every transaction a customer makes and assesses the level of risk, Rivner said. It may look at the IP (Internet Protocol) address from which the site is being accessed, as well as that user's typical pattern of transactions. If the risk level is high, the bank can block the transaction and contact the customer directly, he said.

This approach is increasingly being used by banks because of the difficulty of tracking down and eradicating malware and phishing, Rivner said. There may be numerous Trojans on a customer's computer, but the bank isn't hurt by any of them until a fraudster tries to use them to divert money from an account, he said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareonline bankingtrojan

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?