13 December 2017
visit www.aciworldwide.com

Trusteer warns on two-headed Trojan attacks on online banks

28 October 2009  |  1778 views  |  0 Source: Trusteer

Trusteer, the customer protection company for online businesses, today issued a security advisory on a new Trojan called W32.Silon that bypasses security tokens, banking card readers and uses a two pronged payload to steal login information and commit online financial fraud.

The Trusteer Rapport browser security service has blocked repeated attempts in-the-wild by the W32.Silon Trojan to compromise consumer Internet banking accounts. Findings gathered from a sample of the new malware are available in a report that explains its functionality, as well as how to detect and remove W32.Silon. The report is available at trusteer.com/webform/w32silon-malware-analysis.

W32.Silon is a new malware variant that intercepts Internet Explorer web browser sessions, and has been associated with fraud incidents at several large banks. Trusteer retrieved and analyzed a sample of this two headed Trojan, which is designed to steal generic login information and commit bank-specific fraud.

To steal user credentials, W32.Silon performs its initial attack when a user initiates a web login session and enters their username and password. The malware intercepts the login POST request, encrypts the requested data, and sends it to a command & control (C&C) server.

When it targets users of online banking applications that are protected by transaction authentication devices such as tokens or banking card readers, W32.Silon waits until the user has logged on and then injects dynamic html code into the login flow between the user and the bank's web server. First, the malware presents authentic looking web pages that appear to be from the bank asking the user to employ their transaction authentication device. Next, the user is asked to enter information from the device into the webpage. This information is then used by the criminals to execute fraudulent transactions on behalf of the user.

"This new Trojan illustrates how advanced malware writers have become in their ability to dynamically execute multiple, bank-specific attacks with a single piece of software," said Amit Klein, CTO and chief researcher at Trusteer. "The level of sophistication built-into W32.Silon is concerning, as is its focus on circumventing strong authentication systems like card and PIN readers. We have put all of our banking customers on alert, and are attempting to get the word out with this advisory."

Comments: (0)

Comment on this story (membership required)

Related company news


Related blogs

Create a blog about this story (membership required)
visit www.aciworldwide.comvisit www.atos.netvisit www.solutions.lexisnexis.com

Who is commenting?

Top topics

Most viewed Most shared
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
11900 views comments | 7 tweets | 7 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
8964 views comments | 15 tweets | 21 linkedin
PSD2: Laying the regulatory foundation for a new age in paymentsPSD2: Laying the regulatory foundation for...
7270 views comments | 17 tweets | 35 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
7173 views comments | 8 tweets | 17 linkedin
Alior Bank to use Open API platform and accelerator to create fintech marketplaceAlior Bank to use Open API platform and ac...
6992 views comments | 20 tweets | 11 linkedin

Featured job

Competitive base + commission + benefits
New York City, NY - USA

Find your next job