Print
Discuss
Send to friend
RSS feedsSecurity analysts are warning of an improvement in the SilentBanker Trojan that makes it harder to detect and more effective at stealing data.
SilentBanker specifically targets financial web pages and tries to steal log-in details using a key-logger. Although it has been around since last year the new version has a rootkit that makes finding infected files very difficult.
"Whenever a user tries to view any files on the computer, the Trojan intercepts that request and removes any reference to the Trojan's files, making the files invisible," said Symantec researcher Liam O'Murchu.
"The last version of SilentBanker targeted over 400 banks, some of which use two-factor authentication.
"The current version, as well as hiding itself, has added extra protection to its configuration files in order to make it more difficult to discover which sites are being targeted."
When a user tries to search in the registry for files that indicate an infection, the rootkit in the Trojan intercepts the search request and automatically hides its files from view.
SilentBanker is causing major concern because it is especially good at defeating two-factor authentication. This involves the user having a separate log-in token that is synchronised with the bank's server to augment a password.
The Trojan subverts the two-factor transaction by intercepting communications before they are encrypted and forwarding them to the attacker, essentially making the security of two-factor authentication useless.
The software is being spread via spam and may prove very costly given the current wave of phishing attacks being propagated in the light of the recent world banking crisis.
See also:
Integrated technologies the way forward, says McAfee 07 Oct 2008
Malware responsible for 60 per cent of all attacks during the month 01 Oct 2008
All Hacking Tags: Threats-and-risks, Crime, Security-technology, Symantec, Trojan, Malware, Security, Software
del.icio.us
Digg this
reddit!
