Wednesday, September 23, 2009

Zeus and Clampi Steal Online Banking Credentials



Earlier I posted about Clampi, an online banking Trojan. Many have called it "The Big One." In fact here is a quote:



"We weren't all that worried about Storm, and we weren't all that worried about Conficker. This one you need to worry about." "The best strategy to defend against Clampi is to use separate machines for Web surfing and funds transfer"



- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.



Now the PIN Payments News Blog has learned that there's another "online banking" Trojan, called Zeus.  According to SearchSecurity.com:



A Trojan that steals online banking credentials is proving to be a particularly insidious and successful piece of malware, according to security experts.




Zeus is the "biggest banking Trojan out there," Laura Mather, co-founder and vice president of marketing at Palo Alto, Calif.-based fraud prevention company Silver Tail Systems said during a recent company webcast. "It's the nastiest, most sophisticated Trojan I've ever seen. It's a money-stealing machine."



FYI:  How could it be that Clampi is the "big one" after reading what we both just read about Zeus?  Is it "Greek" to you as well?



The Zeus Trojan has a capability that allows criminals to add fields to the form, such as fields for additional authentication information for a bank website; those credentials are sent back to the criminal, she said. Fraudsters also can alter the display to fool users into thinking all their money is still in their account.



The way Zeus alters a form on a genuine bank website as it's displayed on the victim's computer -- instead of showing an entirely fake banking website -- is one of its most powerful features and sets it apart from other banking Trojans, said Richard Wang, manager of the U.S. research labs at Sophos Plc.
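An added example, not from the quoted article or from any vendor named in it: a server-side check a bank could run on login submissions to spot the extra form fields described above. It assumes the injected inputs sit inside the genuine form and so reach the bank's server along with the real ones; the field names, hint list and sample request bodies are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Assumption: the only fields the genuine login form defines.
EXPECTED_FIELDS = frozenset({"username", "password", "csrf_token"})
# Constructed hints: name fragments typical of "additional authentication" prompts.
SENSITIVE_HINTS = ("pin", "ssn", "card", "cvv", "maiden", "otp", "token_code")


def inspect_login_post(body, expected=EXPECTED_FIELDS):
    """Compare a urlencoded login POST body against the form's known schema.

    Returns field names only: values of unexpected fields may be customer
    secrets and should not be copied into alerts or logs.
    """
    names = [name for name, _ in parse_qsl(body, keep_blank_values=True)]
    unexpected = sorted(set(names) - expected)
    missing = sorted(expected - set(names))
    duplicated = sorted({n for n in names if names.count(n) > 1})
    sensitive = [n for n in unexpected
                 if any(h in n.lower() for h in SENSITIVE_HINTS)]
    if sensitive:
        verdict = "block"    # extra field asking for more credentials
    elif unexpected or missing or duplicated:
        verdict = "review"   # form shape differs from what was served
    else:
        verdict = "allow"
    return {"verdict": verdict, "unexpected": unexpected, "missing": missing,
            "duplicated": duplicated, "sensitive": sensitive}


# Constructed sample request bodies.
CLEAN = "username=alice&password=s3cret&csrf_token=abc123"
INJECTED = CLEAN + "&atm_pin=4921&mothers_maiden_name=Smith"
TRACKING = CLEAN + "&utm_source=newsletter"

if __name__ == "__main__":
    for label, body in (("clean", CLEAN), ("injected", INJECTED),
                        ("tracking", TRACKING)):
        print(label, inspect_login_post(body))
```

Fields that the Trojan captures and sends elsewhere without submitting them to the bank never appear in the request, so this check covers only one of the behaviours described.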




One new Zeus Trojan functionality allows criminals to quickly use stolen credentials, and in some cases, circumvent two-factor authentication. In studying several Zeus variants, researchers at RSA, the security division of Hopkinton, Mass.-based EMC, recently discovered that some criminals were using the Jabber instant messaging open protocol in order to receive stolen information as soon as it was collected from infected computers.



Editor's Translation:  One Time Passwords (OTPs) are received by the bad guys at the same time they are received for the intended recipient, thus OTPs are no longer secure...




"Real-time notification can further online criminals' goals in some cases when certain variations of man-in-the-middle (MITM) or man-in-the-browser (MITB) attacks are launched," RSA researchers wrote. "With such attacks, the online criminal may be acting in real-time as their intended victim logs in to his or her account."



Read the Article in its Entirety at Search Financial Security.com



