
Wednesday, September 30, 2009

More On the URLZone Online Banking Trojan

New Trojan Evades Banks' Anti-Fraud Systems - DarkReading

New Trojan Evades Banks' Anti-Fraud Systems

'URLZone' calculates just how much money to steal from a victim's account without raising suspicion

Sep 30, 2009 | 04:08 PM

By Kelly Jackson Higgins


A next-generation Trojan recently discovered pilfering online bank accounts around the world kicks it up a notch by avoiding any behavior that would trigger a fraud alert and forging the victim's bank statement to cover its tracks.

The so-called URLZone Trojan doesn't just dupe users into giving up their online banking credentials (passwords) like most banking Trojans do: instead, it calls back to its command and control server to specific instructions on exactly how much to steal from the victim's bank account without raising any suspicion, to which money mule account to send it the money, and forges the victim's on-screen bank statements so the victim and the bank don't see the unauthorized transaction.

Continue Dark Reading

Reblog this post [with Zemanta]