Showing posts with label malware. Show all posts

November 30, 2009

New Banking Trojan: A Nasty And Formidable Foe


Malware is getting more and more sophisticated. Bent on destruction, it is seemingly immune to modern weapons. One such Trojan horse program is very sophisticated and it keeps reinventing itself in its greedy quest to empty bank accounts.
The URLzone Trojan, which was recently discovered by Finjan Software, is highly advanced and proof positive that the bad guys are keeping up with technology as well as the good guys (if not being a step ahead, sad to say). This strain of malware rewrites bank pages; victims do not know that their accounts have been tampered with and emptied in many cases. Its interface is sophisticated and diabolical, as its command-and-control feature allows the bad guys to pre-set the percentage of the account balance they wish to clear out!
URLzone is a formidable adversary. RSA researchers claim that this malware utilizes several techniques to discover those machines that have been set up by investigators and law enforcement, and so far, they have been impossible to fool. RSA Security was founded by and named after the inventors of public key cryptography: Ron Rivest, Adi Shamir and Leonard Adleman. According to Aviv Raff, RSA’s Fraud Action research lab manager:
“We typically create programs that are designed to mimic the behavior of real Trojans. When URLzone identifies one of these, it sends it bogus information. Security experts have long published research into the inner workings of malicious computer programs such as URLzone…Now the other side knows that they are being watched and they’re acting.”
URLzone is merciless when it discovers a program established by the “good guys.” Some malware might be content to simply disconnect, but not URLzone. The server forces money transfers, but not by one of their own people recruited to move cash overseas. They choose an innocent victim; someone who has received legitimate money transfers from other hacked computers on the network. To date, more than 400 legitimate accounts have been manipulated in this manner.
The idea is to confuse researchers and to prevent the criminals’ real money mules from being discovered. Although banking Trojans are not new and have been responsible for the loss of many accounts of innocent people, URLzone represents the first of a frightening and smarter generation of malware. To date, according to police dog, Finjan, this banking Trojan infected as many as 6,400 computers last month alone and was clearing a hefty $17,500 per day!
One can only wonder if Andrew Jackson wasn’t right after all.
It has been said that Old Hickory didn’t trust banks. If your money isn’t safe there, where can it ever be?

Source : http://amog.com/

February 20, 2009

Protect your mobile: anywhere, anytime!

Many endpoint security solutions protect laptops and remote client tools only when they are connected to the network, leaving these devices open to malicious attacks and data interception. Implementing a comprehensive approach to endpoint security can mitigate the risks of theft, malware, and other vulnerabilities to increase data protection and help your company avoid the consequences of information loss and leakage.

The same goes for information stolen while you access personal data from public hotspots, in what are called “Evil Twin” attacks. In this scenario a hotspot user connects to the “Evil Twin” wireless access point, believing it to be a legitimate commercial hotspot. Once the user is connected, the hacker, impersonating a legitimate hotspot, records all information entered into the web page, which can include your passwords, emails or, worse, credit card information.

This concept is very similar to the email “phishing” scams, where a message is sent to users tricking them into entering confidential information, such as bank account information or other sensitive username and password combinations. The process of tricking someone into voluntarily providing confidential information has been used for years in a variety of forms; more generally it is known as “social engineering”.

Every wireless device that is Wi-Fi enabled actually makes the hacker’s job even easier. Every device continues to “probe” for access points it has been connected to in the past. If the Wireless Connection manager in Windows XP sees a legitimate SSID it will automatically re-connect to that access point. All the hacker has to do is give his soft AP a default SSID, such as “linksys”, “boingo”, “home” or “public” and the laptop will automatically establish a wireless connection without any required user action.
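A defensive check for the auto-connect exposure described above, added here as an example and not part of the original post: it audits saved Wi-Fi profiles for the risky combination of no authentication, automatic connection and a common default SSID. It assumes profiles in the Windows WLAN profile XML schema (used by Windows Vista and later, not XP's own connection manager); the sample profiles are constructed and the SSID list holds the four names mentioned in the post.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# Default SSIDs named in the article; extend with names seen in your fleet.
COMMON_SSIDS = {"linksys", "boingo", "home", "public"}

def audit_profile(xml_text):
    """Return (ssid, risk, reasons) for one exported WLAN profile."""
    root = ET.fromstring(xml_text)
    def field(path, default=""):
        return (root.findtext(path, default=default, namespaces=NS) or "").strip()
    ssid = field("w:SSIDConfig/w:SSID/w:name")
    auto = field("w:connectionMode", "manual").lower() == "auto"
    sec = "w:MSM/w:security/w:authEncryption/"
    unauthenticated = (field(sec + "w:authentication").lower() == "open"
                       and field(sec + "w:encryption").lower() == "none")
    reasons = []
    if unauthenticated:
        reasons.append("no authentication: any AP using this SSID is accepted")
    if auto:
        reasons.append("joins automatically, no user action needed")
    if ssid.lower() in COMMON_SSIDS:
        reasons.append("SSID is a widely used default name")
    # Only the open + auto-connect combination lets a look-alike AP win silently.
    if unauthenticated and auto:
        risk = "high" if ssid.lower() in COMMON_SSIDS else "medium"
    else:
        risk = "low"
    return ssid, risk, reasons

def make_sample(ssid, mode, auth, enc):
    """Constructed sample profile (not taken from a real machine)."""
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{ssid}</name>'
            f'<SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>'
            f'<connectionType>ESS</connectionType>'
            f'<connectionMode>{mode}</connectionMode><MSM><security>'
            f'<authEncryption><authentication>{auth}</authentication>'
            f'<encryption>{enc}</encryption><useOneX>false</useOneX>'
            f'</authEncryption></security></MSM></WLANProfile>')

SAMPLES = [make_sample("linksys", "auto", "open", "none"),
           make_sample("CafeGuest", "auto", "open", "none"),
           make_sample("CorpNet", "auto", "WPA2PSK", "AES"),
           make_sample("public", "manual", "open", "none")]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        ssid, risk, reasons = audit_profile(xml_text)
        print(f"{risk:6} {ssid}: {'; '.join(reasons) or 'no findings'}")
```

Profiles rated high or medium are candidates for deletion or for switching to manual connection.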