Trojans are attacking banks – is your bank at risk?

It’s no news that banks are being attacked by trojans. The trojan Sinowal/Torpig attacked a world-leading bank two days after it started rolling out its standard chip and PIN reader. The security company Trusteer recently launched the “Attack Trace” search engine, which enables users to check whether a specific website is at risk from one of three notorious Trojans: Silent Banker, WSNPOEM/Zeus/PRG/Zbot and Sinowal/Torpig. Once active on a computer, these Trojans are hidden from the user and are able to monitor all traffic, both HTTP and HTTPS, and then hijack and manipulate data, so that the end user cannot see that he is being defrauded.


~ by petergullberg on February 2, 2009.

5 Responses to “Trojans are attacking banks – is your bank at risk?”

  1. Scary but I think that test is no good.. I just checked swedbank.se using your link provided, to my surprise here's the result:

    We checked the website ‘swedbank.se’ against 3 malware variants and found that the following variants capture and send credentials while users log onto this website.

    Torpig/Sinowal/Anserin

  2. Hi Johan,

    Thanks for the comment! And I agree, scary is a good word!
    I believe the problem is that the webpage just reports that there is an issue with the entered url, and not exactly what the Trojan is doing. Torpig can easily update itself if required, and is capable of fully intercepting the communication. There exist more than 40 variants of the Trojan, and it has been described as “one of the most advanced pieces of crimeware ever created”…

    cheers
    \P

  3. Does this mean that in fact MY computer could be infected or does it mean that the bank e.g. swedbank is where the trojan is located? I have a hard time believing that such a big bank would be unaware of any issues like these thus maybe the problem is on my old crappy computer =)

  4. Correction, my question should be formulated: Is it the bank website that is spreading the Virus? But, I understand that of course my computer is already infected and what the report says is that my trojan is triggered or listening or activated when I enter an url like swedbank.se. Good blog by the way

  5. In simple terms it works in the following way:
    1. You surf to a website that is malicious
    2. The most common way to infect is: try to infect your computer, by using either known security holes, or by forcing you to accept something, install an ActiveX, run a small utility software or download a torrent
    3. If the website, which normally is doing this for someone else, is successful, he makes a small profit $0.1-$0.5.
    4. The trojan installs itself, and injects malicious code into the browser(s)/system
    5. When you start surfing to a certain URL (=read bank), the trojan intercepts the communication, and can do basically anything he wants, as it can be application driven from the remote side…

    cheers
    \P
