
New Trojan Steals Banking Information

The Internet Storm Center issued a warning that a new Trojan virus is posing a threat to online banking customers.

The carrier of the threat, "img1big.gif," poses as an image file, according to the center, which is based in Bethesda, Md. The file is not an image at all, but a file-dropper Trojan composed of a pair of Win32 executable programs compressed together using the open source executable compressor UPX.

The Trojan installs a Browser Helper Object (BHO) on Internet Explorer version 4.X and higher. One of the two sets of code performs the initial install, the other performs the BHO install. Once the BHO is up, it looks for secure access to the URLs of several dozen banking and financial sites around the globe and "grabs any outbound POST/GET data from within IE before it is encrypted by SSL," according to Storm Center handler John Bambenek.

The outbound data--including user names and passwords--is sent over an HTTP connection created by the Trojan to the address http://www.refestltd.com/cgi-bin/yes.pl.

The center recommends free software called BHODemon from Definitive Solutions to help administrators identify BHOs installed on Windows systems.
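
For administrators who want a scripted inventory of installed BHOs, the following PowerShell sketch is an added example, not code from the Internet Storm Center or from BHODemon. It assumes the standard HKLM BHO registration keys and PowerShell 4.0 or later; the function names are hypothetical, and per-user COM registrations under HKCU are not consulted.

```powershell
# Added example: inventory Browser Helper Objects (BHOs) registered for Internet Explorer.
# Assumes the standard HKLM registration keys and PowerShell 4.0+ (for Get-FileHash).
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }   # 32-bit view on 64-bit Windows
)

function Get-RegDefault([string]$Path) {
    # Return a key's default value, or $null if the key is absent.
    if (Test-Path -LiteralPath $Path) { (Get-Item -LiteralPath $Path).GetValue('') }
}

function Get-BhoInventory {
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid    = $sub.PSChildName                      # each subkey name is a COM CLSID
            $classKey = Join-Path $v.Clsid $clsid
            # InprocServer32 names the DLL that IE loads into its own process
            $dll      = Get-RegDefault (Join-Path $classKey 'InprocServer32')
            if ($dll) { $dll = $dll.Trim('"') }
            $onDisk   = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
            $sig      = if ($onDisk) { Get-AuthenticodeSignature -LiteralPath $dll }
            [pscustomobject]@{
                Clsid     = $clsid
                Name      = Get-RegDefault $classKey
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = if ($sig) { "$($sig.Status)" } else { 'n/a' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                SHA256    = if ($onDisk) { (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash }
            }
        }
    }
}

# Entries without a valid signature (unsigned, or DLL missing) sort to the top for review.
Get-BhoInventory | Sort-Object { $_.Signature -eq 'Valid' }, Name | Format-List
```

Entries whose DLL is unsigned, missing from disk, or has no registered name are the ones to compare against a known-good baseline first.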
