
New Banking Trojan: A Nasty And Formidable Foe

This topic is archived.
Are_grits_groceries Donating Member (1000+ posts) Sun Nov-29-09 07:56 AM
Original message
New Banking Trojan: A Nasty And Formidable Foe
Malware is getting more and more sophisticated. Bent on destruction, it is seemingly immune to modern weapons. One such Trojan horse program is very sophisticated and it keeps reinventing itself in its greedy quest to empty bank accounts.

The URLzone Trojan, which was recently discovered by Finjan Software, is highly advanced and proof positive that the bad guys are keeping up with technology as well as the good guys (if not being a step ahead, sad to say). This strain of malware rewrites bank pages; victims do not know that their accounts have been tampered with and emptied in many cases. Its interface is sophisticated and diabolical as its command-and-control feature allows the bad guys to pre-set the percentage of the account balance they wish to clear out!

URLzone is a formidable adversary. RSA researchers claim that this malware utilizes several techniques to discover those machines that have been set up by investigators and law enforcement, and so far, they have been impossible to fool. RSA Security was founded by and named after the inventors of public key cryptography: Ron Rivest, Adi Shamir and Leonard Adleman. According to Aviv Raff, RSA’s Fraud Action research lab manager:

“We typically create programs that are designed to mimic the behavior of real Trojans. When URLzone identifies one of these, it sends it bogus information. Security experts have long published research into the inner workings of malicious computer programs such as URLzone…Now the other side knows that they are being watched and they’re acting.”

(There is more at the link: http://amog.com/tech/banking-trojana-nasty-formidable-foe/)

Bernie Madoff was a trojan horse.

KharmaTrain Donating Member (1000+ posts) Sun Nov-29-09 08:11 AM
Response to Original message
1. The Next Level Of Warfare...
It will be fought on the cyber battlefield. I wouldn't be surprised if we learn this virus originated in some nation defense program or other government operated program...and not just the U.S...this is a hot new battlefront in Russia, China, Israel and many others...where the "best and brightest" are being hired to mole deep into computers or try to keep them out.

Banks have been notoriously slow and lax in staying ahead of the hackers and scammers. I recall 30 years ago seeing a geek buddy reroute bank transactions with his Radio Shack Trash-80 and a 300 baud (not kilobaud) modem. One can imagine how sophisticated this battlefield has become. When there's money and lots of it, there's always going to be someone who will want to try to take it...and economic and technical warfare is the next frontline...in many ways, the economic collapse of the past year is an end result.

bemildred Donating Member (1000+ posts) Sun Nov-29-09 08:15 AM
Response to Original message
2. Seems to be specific to Windoze. nt

Commie Pinko Dirtbag Donating Member (1000+ posts) Sun Nov-29-09 08:17 AM
Response to Reply #2
3. Aren't they all?
Linux user here. All the stability and security of a Mac (if not more), without hardware lock-in.

bemildred Donating Member (1000+ posts) Sun Nov-29-09 08:27 AM
Response to Reply #3
4. Pragmatically, yeah, but you never know.
I run Ubuntu for that reason, and it's free and trouble-free too. But there is nothing theoretical that prevents a hacker from going after other OSes, it's just a lot more work, and a smaller target population, and so on. On the other hand, with the Unices you have access to the code. Macs I would guess lie somewhere in the middle.

But pragmatically, if you want to hack to make money, or to boost your shrivelled ego, why go after anything but Windoze, the easy target?

hobbit709 Donating Member (1000+ posts) Sun Nov-29-09 08:28 AM
Response to Reply #3
5. All KNOWN ones
Anything that connects to the outside world is vulnerable no matter which OS.

DesktopLinux.com: Central Command has discussed that it has seen numerous viruses, worms, and other malicious applications written to exploit vulnerabilities within Linux or Linux applications. Can you talk about the frequency of these reports -- are they increasing?

Keith Peer: We are seeing a growing interest by virus writers and virus writing groups to produce more Linux-based viruses, trojans and worms. While the relative number of Linux-based viruses is still small the initiative is there. On the Internet you can find Linux virus writing How-to's and Linux virus source code. Not too long ago Central Command's Emergency Virus Response Team discovered the first cross compatible Windows/Linux virus named W32/Winux. This proof-of-concept virus demonstrated that it is possible to build a virus that operates in both Windows and Linux and can infect executables in both operating systems. There is a growing resource list and tools to help existing and future virus writers to improve their work, sadly.

Greyhound Donating Member (1000+ posts) Sun Nov-29-09 08:47 AM
Response to Reply #5
8. What that leaves out or ignores is what an app is capable of once insinuated.
Linux and all UNIX/UNIX based OS are inherently more secure than any M$ OS including 7.

As for web/internet based vulnerabilities, we see that once again not all browsers are equal and M$ consistently produces the least secure applications. The company's adamant refusal to adhere to even the most rudimentary protocols leaves their customers woefully vulnerable and their massive financial clout ensures that few of them are aware just how open their systems are.

Oh and BTW, this Central Command is not the US military Central Command (CentCom) as their name clearly implies.

MEDINA, Ohio -- Central Command, a leading provider of PC anti-virus software and computer security services, and its partners today announced the discovery of W32.Winux, the world's first cross platform virus capable of infecting computers using both the Microsoft Windows and Linux operating systems.



hobbit709 Donating Member (1000+ posts) Sun Nov-29-09 09:15 AM
Response to Reply #8
9. Just keep on believing that
As I said-NO system that connects to the outside world is TOTALLY secure.

All one can do is take reasonable precautions, which is something most people don't.

I play on the hacker sites just to keep up with what is going on. I have at least 5 computers up and running at any given time-using 3 variations of Windows and 3 distros of Linux. Hell I even have an old DOS machine that I use now and then just to keep my hand in.

I have had ONE infection in the last five years and that was because I trusted a disk someone gave me without scanning first. Took all of 3 minutes to clean.

But I make a living fixing people's computers that all had problems because of the Human 1.0 interface.

bemildred Donating Member (1000+ posts) Sun Nov-29-09 09:25 AM
Response to Reply #9
11. I would still run DOS if I could get current drivers.
:hi:

Greyhound Donating Member (1000+ posts) Mon Nov-30-09 01:37 AM
Response to Reply #9
13. Of course not and I never said it was. What you ignore, or just don't know, is that
every M$ OS is far more vulnerable (and inefficient, bloated, and just badly designed) than others. Further, the damage that an app can do is limited in sensible OSes because it cannot run rampant throughout the entire system.

As I said, Every UNIX based OS is inherently far more secure than windoze.

Human error is, of course, the number one cause of computer problems, but windoze is the world's most prevalent virus.


Greyhound Donating Member (1000+ posts) Sun Nov-29-09 08:33 AM
Response to Reply #2
6. Of course it is, and what the Ma$$holes have done to browser protocols would
be criminal if M$ wasn't "too big to fail" and therefore above the law.

We were talking to companies about this very future 15 years ago, and because it cost some money, very few have done anything to prevent it. One client (bank with the initials BA) went so far as to fail to report a loss in the tens of millions to the Feds (as required by law) so they would not have to secure their systems or bear the publicity. It has only become worse since then.


Lagomorph Donating Member (1000+ posts) Sun Nov-29-09 08:36 AM
Response to Reply #2
7. Where do you get that?
Edited on Sun Nov-29-09 08:38 AM by Lagomorph
It happens on servers and mainframes from what I can tell.

The only time my accounts were ever hacked, it was thru the bank, not my computer.

bemildred Donating Member (1000+ posts) Sun Nov-29-09 09:24 AM
Response to Reply #7
10. The Finjan blog discusses/analyzes it here:
Edited on Sun Nov-29-09 09:27 AM by bemildred
http://www.finjan.com/MCRCblog.aspx?EntryId=2345

If you read through it, you will see that it uses various and many Windoze specific features, e.g. the Registry and drive C:.

L0oniX Donating Member (1000+ posts) Sun Nov-29-09 09:52 AM
Response to Original message
12. Exploder vuln ...use FireFox