Thursday, March 4, 2010

New Online Banking Trojan "BlackEnergy" Packs a Double Wallop

On Wednesday, SecureWorks' Joe Stewart spoke at the RSA Conference about the BlackEnergy banking Trojan and how it hits banks with a double whammy: it steals online banking credentials (Don't Type/Swipe) and then wages a DDoS attack on the banks as a cover. Forbes ran a story on this yesterday in which they stated:

On Wednesday cybersecurity researchers at Secureworks issued a report describing a new cybercriminal group that aims a one-two punch at banks. First it collects banking customers' passwords using a variation of the so-called Black Energy software, which has infected thousands of computers worldwide to create a "botnet" of hijacked machines. The machines use the collected passwords to move funds into the hackers' accounts, and then typically delete files from the user's computer to cover their tracks.

Today, DarkReading's Kelly Jackson Higgins covers BlackEnergy as well. If we stopped typing our online banking credentials into boxes in browsers and instead swiped our bank-issued card and entered our bank-issued PIN on an encrypting PIN pad, a Trojan sitting on the PC would capture nothing but a bunch of 3DES DUKPT-encrypted gobbledygook: the PIN is encrypted inside the pad under a key that changes with every transaction, so there is no typed password for the malware to grab.



New BlackEnergy Trojan Targeting Russian, Ukrainian Banks

Botnet lets attackers steal online banking credentials and DDoS Russian and Ukrainian banks


Mar 04, 2010 | 09:24 AM
By Kelly Jackson Higgins | DarkReading

SAN FRANCISCO -- RSA Conference 2010 -- Russian hackers have written a more sophisticated version of the infamous BlackEnergy Trojan associated with the 2008 cyberattacks against Georgia that now targets Russian and Ukrainian online banking customers.



Joe Stewart, a security researcher with SecureWorks, says Russian hackers are using the Trojan spread via the BlackEnergy botnet to hit Russian and Ukrainian banks with a two-pronged attack that steals their customers' online banking credentials and then wages a distributed denial-of-service (DDoS) attack on the banks as a cover: "They may be emptying the bank accounts while the banks are busy cleaning up from the DDoS," Stewart says.



Dubbed by Stewart as "BlackEnergy 2," this new version of the Trojan is a full rewrite of the code that features a modular architecture that supports plug-ins that can be written without access to its source code. It currently comes with three different DDoS plug-ins, as well as one for spamming and two for online banking fraud, according to Stewart.

While the Zeus Trojan remains the most popular Trojan, Stewart says BlackEnergy 2 can do things Zeus cannot, such as stealing online credentials plus DDoS'ing. BlackEnergy 2 also steals the user's private encryption key. Stewart has written an analysis of the Trojan, available here.

