- Joined
- Jul 11, 2008
- Messages
- 5,769
- Points
- 48
http://news.google.com/news/more?hl...sult&ct=more-results&resnum=1&ved=0CCwQqgIwAA
[h=2]Malware can empty out your bank a/c[/h] Times of India - 11 hours ago
LONDON: Doing online banking frequently? Beware, as cyber-criminals have launched a new malware that not just steals your money from your bank, but also offers false reassurance that it's still there, experts have warned. The attack, a new version of ...
[h=2]How to hide the fact you've just robbed a bank online[/h] DaniWeb (blog) - 54 minutes ago
by Davey Winder on Jan 9th, 2012, 7:08 am Man-in-the-Middle (MITM) attacks are, sadly, not news these days; they are a fact of online life. But word of how the latest SpyEye Trojan-driven MITM attacks are using clever post transaction fraud systems to ...
All 2 related articles »
http://www.net-security.org/malware_news.php?id=1951
[h=1]SpyEye Trojan post transaction fraud schemes attack banks[/h]
Posted on 04.01.2012
Many of us tend to spend a little more than we intend during the holiday season and, with all the transactions hitting our accounts, it can be hard to keep track. During the final few weeks of 2011, Trusteer saw fraudsters take advantage of this trend with their latest fraud scheme.
Historically we’ve typically seen man-in-the-browser attacks take place at one of the three possible online banking phases:
Last year Trusteer noticed a Zeus configuration which targeted some major UK banks using an interesting injection into popular web-mail systems. At that time, this configuration aimed to hide email messages with specific text phrases it considered to be money transfer or payment confirmation emails.
Just before the recent holiday season, Trusteer came across a SpyEye configuration which attacks banks in the USA and UK. Instead of intercepting, or diverting, email messages the attack automatically manipulates the bank account transaction webpage the customer views.
The attack unfolds over through three major steps:
Step 1: Malware post-login attack - credentials stolen
a. Fraudsters infect the victim’s machine with Man in the Browser malware (any MitB malware, e.g. Zeus, SpyEye, Carberp), with a suitable configuration.
b. The malware is configured to ask the customer for debit card data during the login phase (HTML injection) – e.g. card number, CVV2, expiration month and year, etc.
Step 2: Fraudster commits fraudulent activity
c. With the customer’s debit card details, the cybercriminals then commit card-not-present transaction fraud by making a purchase or transferring money over the telephone or the internet.
d. The fraudsters immediately feed the fraudulent transaction details to the malware control panel.
Step 3: Malware post-transaction attack with fraud hidden from view
e. The next time the victim visits their online banking site, the malware hides (“replaces”) the fraudulent transactions in the “view transactions” page, as well as artificially changing the total fraudulent transaction amount to balance the totals. As a result, the deceived customer has no idea that their account has been ‘taken over’, nor that any fraudulent transactions have taken place
Of course, if the victim still receives statements through the mail, the transactions will eventually be detected. However, with many customers encouraged to ‘go paperless’, it could take many months before the fraudulent activity is identified.
Amit Klein, Trusteer's CTO said, “I predict that the use of post transaction attack technology will significantly increase as it enables criminals to maximise the amount of fraud they can commit using their initial investment in malware toolkits and infection mechanisms with little additional effort as it is cheap to buy and easy to use.”
<center>
</center>
[h=2]Malware can empty out your bank a/c[/h] Times of India - 11 hours ago
LONDON: Doing online banking frequently? Beware, as cyber-criminals have launched a new malware that not just steals your money from your bank, but also offers false reassurance that it's still there, experts have warned. The attack, a new version of ...
[h=2]How to hide the fact you've just robbed a bank online[/h] DaniWeb (blog) - 54 minutes ago
by Davey Winder on Jan 9th, 2012, 7:08 am Man-in-the-Middle (MITM) attacks are, sadly, not news these days; they are a fact of online life. But word of how the latest SpyEye Trojan-driven MITM attacks are using clever post transaction fraud systems to ...
All 2 related articles »
http://www.net-security.org/malware_news.php?id=1951
[h=1]SpyEye Trojan post transaction fraud schemes attack banks[/h]
Posted on 04.01.2012
Historically we’ve typically seen man-in-the-browser attacks take place at one of the three possible online banking phases:
- During the ‘login’ phase - designed to capture login credentials
- At the ‘post login’ phase – with Webinjects used to social engineer, i.e. ‘trick’, the victim into providing personal information or downloading malware
- At the transaction phase - tampering with transactions on-the-fly in the background, typically changing payee details and/or the amount.
Last year Trusteer noticed a Zeus configuration which targeted some major UK banks using an interesting injection into popular web-mail systems. At that time, this configuration aimed to hide email messages with specific text phrases it considered to be money transfer or payment confirmation emails.
Just before the recent holiday season, Trusteer came across a SpyEye configuration which attacks banks in the USA and UK. Instead of intercepting, or diverting, email messages the attack automatically manipulates the bank account transaction webpage the customer views.
The attack unfolds over through three major steps:
- First a man-in-the-browser attack is launched on an online banking session and debit card data is captured
- Then the debit card data is used to commit fraud
- The next time the customer logs into their online banking site a post transaction attack is launched that hides fraudulent transactions from the victim.
Step 1: Malware post-login attack - credentials stolen
a. Fraudsters infect the victim’s machine with Man in the Browser malware (any MitB malware, e.g. Zeus, SpyEye, Carberp), with a suitable configuration.
b. The malware is configured to ask the customer for debit card data during the login phase (HTML injection) – e.g. card number, CVV2, expiration month and year, etc.
Step 2: Fraudster commits fraudulent activity
c. With the customer’s debit card details, the cybercriminals then commit card-not-present transaction fraud by making a purchase or transferring money over the telephone or the internet.
d. The fraudsters immediately feed the fraudulent transaction details to the malware control panel.
Step 3: Malware post-transaction attack with fraud hidden from view
e. The next time the victim visits their online banking site, the malware hides (“replaces”) the fraudulent transactions in the “view transactions” page, as well as artificially changing the total fraudulent transaction amount to balance the totals. As a result, the deceived customer has no idea that their account has been ‘taken over’, nor that any fraudulent transactions have taken place
Of course, if the victim still receives statements through the mail, the transactions will eventually be detected. However, with many customers encouraged to ‘go paperless’, it could take many months before the fraudulent activity is identified.
Amit Klein, Trusteer's CTO said, “I predict that the use of post transaction attack technology will significantly increase as it enables criminals to maximise the amount of fraud they can commit using their initial investment in malware toolkits and infection mechanisms with little additional effort as it is cheap to buy and easy to use.”
<center>
</center>
:*:
