Security experts say they have discovered a Trojan horse that records e-banking user details and web surfing habits.
Antivirus company Sophos is warning that the Banker-AJ Trojan is targeting online customers of banks such as Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest.
The company said that once installed, the Trojan waits for users to visit their online banking websites, captures passwords and takes screenshots of the session. The information is then relayed to the hackers behind the ploy, who use the data to steal money.
"It's the next generation of phishing attacks," said Graham Cluley, senior technology consultant for Sophos. "These rely on people going to real legitimate sites. Once the Trojan determines that you've gone there, it starts taking keystroke logs and snaps shots of machines and sends it back to hackers."
But Barclays Bank said it had seen the technique before. A spokeswoman for the company said: "This type of Trojan is something [we] have been aware of for some time. We are working with industry to identify the next steps to help combat fraud and are interested in educating customers."
Sophos also said it had seen a similar Trojan (Tofger) a few months ago, but the technique had mainly been used in Brazil.
"We did see another one a few months ago," added Cluley. "Some of the Brazilian ones just wait for the user to look at a Web site with the word 'bank' in, but this one specifically targets many well known UK banks, and that makes it notable."
Dan Ilett writes for ZDNet UK






Comments
There are 11 comments.
1. Trudy
I think a dynamic passcode generated from a portable device is one of the ways to combat this kind of fraud. And this device must be collected in person from the bank...
Seems that it takes quite a bit of inconvenience before you can enjoy the convenience of internet banking.
2. Rob
Why bother with a password generator that you have to pick up from the bank? How many people have mobile phones? I think there is an online bank in Holland that halfway through the logon process texts you a 5-digit passcode that you have to enter. Granted, a bit flawed if the mobile network is slow, but it still shows yet again that the UK is behind the times compared to Europe.
3. Paul
Why not have convenient bank branches in all towns, villages and neighbourhoods, then not only would this give customers welcome human contact, but it would create jobs and do away with the need for internet banking altogether!
4. Justin Gibson
What's the name of this Trojan Horse and is it detected by antivirus software?
5. Ken Starks
So tell us, are all browsers at risk for this trojan? Are Firefox and Mozilla at risk as well as Internet Explorer? Is this a Windows problem exclusively or are all operating systems open to this attack? A little information would be helpful. You did not tell the whole story.
Ken Starks
Austin, Tx
6. anonymous
I'm unnerved that the article doesn't mention the name of the trojan or manual means of detection and/or removal.
7. anonymous
I agree with the comments above, this article seems purely driven to make us subscribers click to read, now that your advertisers are happy with the stats, how about giving us your customers some real information.
How is one affected by this virus?
What OS platforms are at risk?
How do you determine whether the virus is on your machine?
Come on silicon put some meat to this or is it simply tabloid style journalism here?
8. Marlis Rodio
So what can we the user do about this banking horse?
Will our virus scanners pick it up?
9. Paul
I still can't understand why code that installs itself on the user's hard drive can't trigger a warning when it arrives.
10. Sick of internet crooks
Well said, Paul of Aberdeen. The internet is a great place, but it's also full of crooks and really not the place to be revealing (even unwittingly) your banking details of your life's savings. One day the banks will NOT protect customers against the scammers and then we'll not only have a lot of TV-game-show millionaires, but also a lot of internet paupers. Create security and jobs - bring back branch banking!!!
11. anonymous
I agree with the criticism of this article. Please add information about the program: for instance - how can you detect it, its name or names, how it installs itself, whether it replicates itself on detection, what are its names when installed, and most importantly how a moderately competent user can defend against it.