Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Massive Botnet Stealing Banking Info

One of the most sophisticated bot Trojans ever has been infecting machines for months, a security company revealed Wednesday, and has compromised an estimated one million PCs in an ongoing effort to pillage personal bank accounts.

According to Reston, Va.-based iDefense, multiple variants of a Trojan dubbed "MetaFisher," a.k.a. "Spy-Agent," has been spreading for months under the proverbial radar.

"MetaFisher has compromised hundreds of thousands if not millions of accounts for financial fraud," said Ken Dunham, the director of iDefense's rapid response team.

The Trojan's pitched the usual way -- via spammed e-mail that includes a link -- and uses the long-patched Windows Metafile (WMF) vulnerability to silently install via a drive-by download on machines whose users simply surf to these malicious sites.

Once on a machine, the malware turns the PC into yet another "bot," or remotely-controlled computer. But Dunham, who called MetaFisher "the most sophisticated bot to date," said it has several unique technical tricks up its sleeves.

  • 1