[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] New Malware Re-Writes Online Bank Statements to Cover Fraud
From: InfoSec News <alerts () infosecnews ! org>
Date: 2009-09-30 8:22:04
Message-ID: Pine.LNX.4.61.0909300321550.11121 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/
By Kim Zetter
Threat Level
Wired.com
September 30, 2009
New malware being used by cybercrooks does more than let hackers loot a
bank account; it hides evidence of a victim's dwindling balance by
rewriting online bank statements on the fly, according to a new report.
The sophisticated hack uses a Trojan horse program installed on the
victim's machine that alters html coding before it's displayed in the
user's browser, to either erase evidence of a money transfer transaction
entirely from a bank statement, or alter the amount of money transfers
and balances.
The ruse buys the crooks time before a victim discovers the fraud,
though won't work if a victim uses an uninfected machine to check his or
her bank balance.
The novel technique was employed in August by a gang who targeted
customers of leading German banks and stole Euro 300,000 in three weeks,
according to Yuval Ben-Itzhak, chief technology officer of computer
security firm Finjan.
"The Trojan is hooked into your browser and dynamically modifies the
text in the html," Ben-Itzhak says. "It's a very sophisticated
technique."
[...]
________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News
http://www.infosecnews.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic