Friday, May 21, 2010

Feature Story: Twitter Attack Pushes Online Banking Trojan

Security Watch is reporting on one of the many reasons Kapersky Labs is calling for "mass adoption" of peripheral card readers for all Internet Banking users...browsers are just too dangerous and thus, simply put, websites cannot be trusted.



Twitter Attack Pushes Banking Trojan








Tripe DES DUKPT End to End Encryption vs. Typing sensitive data into a box in a browser
Attackers are targeting Twitter users with a Trojan stealing online banking credentials, according to researchers.



"The initial Trojan is downloaded to the victim machine by a malicious Java archive file," explained Dmitry Bestuzhev of Kaspersky Lab. "It has several malicious features, for example: spreading through USB devices; it disables Windows task manager, the regedit application and also notifications from Windows Security Center. Also it creates a copy of itself in the system with the name of Live Messenger. The criminals even included an anti-virtualization feature. The worm checks if the hard drive of infected system is virtualized or not. If found to be in a virtual system, the malicious code won't be executed."
The malicious links being tweeted out come with the message "haha this is the funniest video ive EVER SEEN!" Researchers at F-Secure noticed the attack as well, and said the links in the tweets point to a page under pc-tv.tv.
"This malware is very harmful since credit cards and online banking credentials are in the game," Bestuzhev blogged. "Please, be really careful especially with trend topics (searches) since in many cases they are being used by criminals."


Reblog this post [with Zemanta]

Disqus for ePayment News