Freelance Word Punk

[THIS SITE IS NO LONGER BEING UPDATED - IF YOU HAVE ENDED UP HERE YOU ARE IN THE WRONG PLACE, PLEASE CLICK WWW.HAPPYGEEK.COM TO VIEW NEW CONTENT BY DAVEY WINDER]

Saturday, December 15, 2007

State of the art attack fleeces banks of millions

It all starts in the same way as most attacks, with victims being infected via email and website links which install a generic Trojan to steal data by copying everything entered at a browser window to a compromised server. This data is then analysed and filtered, and any signs of commercial banking transactions of any decent size are noted. This can then identify the best victims to target with spear phishing techniques used to get the Prg Trojan installed by masquerading as a new security token for example. Now, everything that the victim does with their bank online is carefully scrutinised, with the Trojan learning to simulate online transactions, transfer and payments. The criminals are alerted by the Trojan when it has enough data to be able to do all this successfully, and when the victim starts any transaction. The criminal can then perform the man in the middle attack by piggybacking the session and compromising the entire account. More often than not the attackers will not even know the victims username, let alone password. Neither is needed because the software handles all of that.
Newer Post Older Post Home

Blog Archive




Co-founder of IT Security Thing Ltd, Davey Winder is a three time winner of the Information Security Journalist of the Year award (2006/2008/2010) and received the prestigious Enigma Award for his lifetime contribution to information security journalism in 2011.



Simple theme. Powered by Blogger.