06 December 2016
Visit aciworldwide.com

Cat pics prove hazardous to online bank accounts

04 March 2014  |  7239 views  |  3 cat

Crooks are taking advantage of one the Internet's key weaknesses - a fondness for cat pictures - to infect computers with banking malware, according to Trend Micro.

The Zbot malware uses steganography - the practice of concealing a message within something else - to hide configuration files in images of cats and sunsets, says Trend Micro in a blog post.

Zbot downloads a Jpeg file with an image containing a hidden list of banks from around the world to monitor. If a victim visits one of the banks, the malware jumps into action and steals user credentials.

Image appended with the list of targeted institutions

The attack also downloads other malware onto the system which removes the X-Frames-Options HTTP header from sites the user visits, allowing them to be displayed inside a frame, enabling clickjacking attacks.

Comments: (3)

Andrew Smith
Andrew Smith - CloudZync - London | 05 March, 2014, 12:33

I think we need to report these types of stories more accurately as this makes it seem a simple picture could put your PC at risk, when in reality it does nothing. The danger is the malware you download and execute that then uses those pictures as a configurable source to attack. This is hardly a new story either....

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Matt White
Matt White - Finextra - Toronto | 05 March, 2014, 14:20

Bit of a catty comment.

1 thumb up! 1 thumb up! (Log in to thumb up)
Andrew Smith
Andrew Smith - CloudZync - London | 05 March, 2014, 15:14

@Matt I know, bit of a cat-astrophe

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Researchers find more than 100 malware families targeting bitcoin

Researchers find more than 100 malware families targeting bitcoin

27 February 2014  |  6489 views  |  1 comments | 8 tweets | 3 linkedin
'ChewBacca' POS malware uncovered in the wild

'ChewBacca' POS malware uncovered in the wild

31 January 2014  |  5339 views  |  1 comments | 11 tweets | 7 linkedin
Russian teen accused of writing Target malware

Russian teen accused of writing Target malware

20 January 2014  |  6007 views  |  4 comments | 8 tweets | 10 linkedin
Crooks use USB sticks to infect ATMs and steal cash

Crooks use USB sticks to infect ATMs and steal cash

06 January 2014  |  7040 views  |  2 comments | 11 tweets | 8 linkedin

Related blogs

Create a blog about this story (membership required)
Find out morehttp://www.financialcrimerisk.fiserv.com/aml?r=finextraVisit capgemini.com

Who is commenting?

A Finextra member Finextra Member Commented on: Guesswork alone can cr...
A Finextra member Finextra Member Commented on: Guesswork alone can cr...
A Finextra member Finextra Member Commented on: Guesswork alone can cr...
A Finextra member Finextra Member Commented on: Guesswork alone can cr...

Top topics

Most viewed Most shared
Guesswork alone can crack Visa card security - Newcastle UniversityGuesswork alone can crack Visa card securi...
6499 views 12 comments | 15 tweets | 25 linkedin
OCC to offer fintech firms bank charter statusOCC to offer fintech firms bank charter st...
6277 views comments | 23 tweets | 15 linkedin
Bank CEOs fret about ROI as startups drive IT arms raceBank CEOs fret about ROI as startups drive...
6174 views comments | 17 tweets | 21 linkedin
Amazon signs up tech firms to financial services cloud programmeAmazon signs up tech firms to financial se...
5971 views comments | 14 tweets | 15 linkedin
hands typing furiouslyBanking Data For Third Parties
5583 views 0 | 2 tweets | 2 linkedin

Featured job

Find your next job