Security researchers are warning of a new Trojan that hijacks users’
banking information, allowing hackers to empty their accounts.
So far this new type of Trojan has been sweeping Brazil and, more
recently, Great Britain. But analysts say they expect it to arrive on
U.S. shores shortly.
”This is pretty nasty,” says Graham Cluley, a senior technology
consultant for Sophos, an anti-virus and anti-spam company based in
Lynnfield, Mass. ”If they grab hold of your user name, password, and
PIN number, then potentially they can empty your bank account. This is
working in a much sneakier way than your average phishing email.”
Cluley says that with users starting to catch onto phishers’ email
schemes, the hackers are sending out this new type of Trojan. Once the
malware infects a Windows PC, it silently lies in the background,
waiting for the user to go to an online banking Web site. Once the
Trojan detects that the browser is on a banking site, it ‘wakes up’ and
begins capturing key strokes and taking screen snap shots. The
information is then sent back to the hacker, who uses it to break into
the account.
”We’ve been telling people not to click on the link when they get what
looks like a phishing email,” says Cluley. ”We tell them to go to
their bank’s site by typing in the Web address in their browser. These
Trojans rely on you doing just that… This is much more subtle. It’s
spying over your shoulder really.”
Cluley says the Trojan first reared its head in Brazil, raising a lot of
havoc there. Now it’s in full attack on Great Britain, targeting users
of online banks like Barclays, HSBC, Lloyds TSB and NatWest.
The researcher also notes that he hasn’t seen any of the Trojans
containing code that specifically targets U.S.-based banks, but he
figures it’s only a matter of time before that happens.
”I wouldn’t be surprised at all,” adds Cluley. ”Despite the arrests
in Brazil, we’ve seen dozens and dozens of new phishing Trojans coming
out. I wouldn’t be surprised if it soon turned to American banking
customers.”
Sophos is warning users to keep their anti-virus software and patches
updated, while running a strong firewall.