Trusteer Warns of New Two Headed Trojan Attack Against Online Banks.W32.Silon Circumvents Transaction Authentication Systems to Commit Financial Fraud NEW YORK New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of -- Trusteer, the customer protection company for online businesses, today issued a security advisory on a new Trojan called W32.Silon that bypasses security tokens, banking card readers and uses a two pronged prong n. 1. A thin, pointed, projecting part: a pitchfork with four prongs. 2. A branch; a fork: the two prongs of a river. tr.v. payload to steal login information and commit online financial fraud. The Trusteer Rapport browser security service has blocked repeated attempts in-the-wild by the W32.Silon Trojan to compromise consumer Internet banking accounts. Findings gathered from a sample of the new malware are available in a report that explains its functionality, as well as how to detect and remove W32.Silon. The report is available at http://www.trusteer.com/webform/w32silon-malware-analysis. W32.Silon is a new malware variant that intercepts Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. sessions, and has been associated with fraud incidents at several large banks. Trusteer retrieved and analyzed a sample of this two headed Trojan, which is designed to steal generic login information and commit bank-specific fraud. To steal user credentials, W32.Silon performs its initial attack when a user initiates a web login session In computing, a login session is the period of activity between a user logging in and logging out of a (multi-user) system. On Unix and Unix-like systems, a login session takes one of two main forms: When it targets users of online banking applications that are protected by transaction authentication devices such as tokens or banking card readers, W32.Silon waits until the user has logged on and then injects dynamic html (1) A general term for (HTML pages) Web pages that are customized for each user; for example, returning different values from a search. Contrast with a "static HTML" page, which is the same for all users. See dynamic Web page. code into the login flow between the user and the bank's web server. First, the malware presents authentic looking web pages that appear to be from the bank asking the user to employ their transaction authentication device. Next, the user is asked to enter information from the device into the webpage. This information is then used by the criminals to execute fraudulent transactions on behalf of the user. "This new Trojan illustrates how advanced malware writers have become in their ability to dynamically execute multiple, bank-specific attacks with a single piece of software," said Amit Klein, CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. and chief researcher at Trusteer. "The level of sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. built-into W32.Silon is concerning, as is its focus on circumventing strong authentication systems like card and PIN readers. We have put all of our banking customers on alert, and are attempting to get the word out with this advisory." About Rapport Rapport from Trusteer is a lightweight browser plug-in plus security service that prevents criminals from tampering with a user's browser and protects against man-in-the-browser, man-in-the-middle, and phishing attacks. When users browse to sensitive websites such as Internet banking, Webmail, or online payment pages, the Rapport plug-in immediately locks down the browser and prevents any unauthorized access to web pages and confidential information that flow through the browser. Rapport is available for download here. Trusteer also offers in-the-cloud reporting services. When unauthorized access attempts are detected by Rapport, these are analyzed by fraud experts who provide actionable intelligence to financial institutions. About Trusteer Trusteer enables online businesses to secure communications with their customers over the Internet, and protect personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. (PII See Pentium II. ) and transactions from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Trusteer's services are used by more than 30 financial institutions in North America and Europe, and by over 3 million users. Trusteer is a privately held corporation Noun 1. privately held corporation - a corporation owned by a few people; shares have no public market close corporation, closed corporation, private corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion