Gangster's ATM: New 'Trojan horse' opens your bank account to crooks
Sep 30th 2009 12:30PM
Updated Dec 4th 2009 3:54PM
Call it an ATM for cyber-crooks -- and the cash could come out of your account.
Web security sleuths have found a new type of "Trojan horse" that steals your bank log-in name and password, then proceeds to drain money from your account -- while you're logged in.
The new Trojan, called URLZone, features a number of innovations not widely seen in Internet crime. For example, the Trojan can estimate precisely how much money to steal based on how much dough you have in your account, and can even siphon money in small increments to evade detection.
"It's a next generation bank Trojan," Yuval Ben-Itzhak, chief technology officer at Finjan, a cyber-security firm, told CNET News.com. "This is part of a new trend of more sophisticated Trojans designed to evade antifraud systems."
A Trojan horse is a type of malware -- or malicious software -- that gives criminals unauthorized access to the user's computer system. Details of URLZone appear in a new report by Finjan's Malicious Code Research Center.
URLZone takes advantage of vulnerabilities in web browsers, including Firefox and Internet Explorer, then executes a program on Windows systems -- which means if you're running a Mac, you're safe. For now.
"As we covered in previous reports, cybercrime pays," Finjan researchers wrote in the report. "Financial data remain the prime target. Cybergangs and their methods keep on refining their attacks to generate as much income as possible, while avoiding detection."
During 22 days in mid-August, the cyber-crooks operating URLZone stole nearly $438,000, according to the security company. The bad guys infected about 6,400 computer users, according to PC World, and stole an average of $1,750 per day.
The criminals were able to infect about 7.5 percent of the 90,000 computers they attacked before Finjan managed to infiltrate the hackers' command-and-control server located in Ukraine, according to PC World. Once your computer becomes infected, URLZone steals your bank account info before contacting the command server, which then instructs your own computer how much money to wire, in what increments, and where to send the stolen virtual stacks.
Ominously, URLZone is even more sophisticated than its predecessor Trojans, which already have the ability to take over your computer, steal your personal data, and even remotely command your computer to help the hackers steal.
URLZone allows internet thieves to evade common bank fraud detection systems. For example, the bad guys can ensure your balance never falls below zero, as well as make a series of small withdrawals in an effort to evade detection. They can also make phony data appear on your account home page.
"Basically they say, 'I will steal from you €5,000, but I want to make sure at least 5 percent will remain in your balance,'" Ben-Itzhak told PC World.
"Online bank users should be alert, and make sure that their web security is updated," Finjan concluded in its report, which is well worth reading. "For banks and financial institutions, their best defense is a unified web security solution with real-time content inspection."