Trusteer warns of W32.Silon Trojan.INTERNET BUSINESS NEWS-(C)1995-2009 M2 COMMUNICATIONS Trusteer issued on Wednesday a security advisory on a new Trojan called W32.Silon that bypasses security tokens, banking card readers and uses a two pronged prong n. 1. A thin, pointed, projecting part: a pitchfork with four prongs. 2. A branch; a fork: the two prongs of a river. tr.v. approach to steal login information. The provider of customer protection for online businesses said its Rapport browser security service has blocked repeated attempts by the W32.Silon Trojan to compromise consumer Internet banking accounts. W32.Silon is a new malware variant that intercepts Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. sessions and has been associated with fraud incidents at several banks. Trusteer retrieved and analysed a sample of this Trojan, which is designed to steal generic login information and commit bank-specific fraud. To steal user credentials, the Trojan performs its initial attack when a user initiates a web login session In computing, a login session is the period of activity between a user logging in and logging out of a (multi-user) system. On Unix and Unix-like systems, a login session takes one of two main forms: When it targets users of online banking applications that are protected by transaction authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. devices such as tokens or banking card readers, W32.Silon waits until the user has logged on and then injects dynamic html (1) A general term for (HTML pages) Web pages that are customized for each user; for example, returning different values from a search. Contrast with a "static HTML" page, which is the same for all users. See dynamic Web page. code into the login flow between the user and the bank's web server. The malware presents authentic looking web pages that appear to be from the bank and asks the user to employ their transaction authentication device. Then the user is asked to enter information from the device into the webpage and this information is used by the criminals to execute fraudulent transactions on behalf of the user. Findings gathered from a sample of the new malware are available in a report, available at http://www.trusteer.com/webform/w32silon-malware-analysis, that explains its functionality, as well as how to detect and remove W32.Silon. ((Comments on this story may be sent to info@m2.com)) |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion