PM 'heart attack' email dupes bank customers

Trojan dines out on social engineering Down Under...

Hackers may have captured the login details of around 2,500 banking customers by circulating a Trojan email claiming Australia's Prime Minister has suffered a heart attack, according to a security company.

Entitled "John Howard, the current Prime Minister of Australia has survived a heart attack", the email claims Howard suffered the heart attack while staying at his official residence in Sydney and is fighting for his life in hospital.

The email then provides a link purporting to be an online news report. Users who click the link, however, are directed to a standard "404 error" page, which downloads a Trojan to their computer.

Joel Camissar, Websense country manager for Australia and New Zealand, said the Trojan monitored infected users' internet activity. This included logging keystrokes, he said - which could include banking login details.

Websense, which has been tracking the scam, has identified one of the servers used in the hacking attempts and is recording compromised IP addresses, as well as other data stored by the server, according to Camissar.

He said 2,500 users around the world have been infected by the Trojan, with around 30 per cent - or 750 people - from Australia. Customers of banks across Europe and the US may have had their passwords captured, said Camissar, adding that customers of Australia's Commonwealth and Westpac banks may specifically have had their account details captured.

Both banks have denied the Trojan has infected their systems. A spokesperson for Westpac said its systems have not been compromised and the bank is unaware of any fraud losses as a result, while a Commonwealth Bank spokesperson said its website has not been infected by the Trojan.

However, as Camissar explained, the website is not the issue: "The Commonwealth Bank website hasn't been compromised but the Trojan horse monitors user sites visited and sends back the [bank site] username and password to the server computer."

Websense is working with law enforcement authorities to find the scammers, said Camissar.

Steven Deare writes for ZDNet Australia

Comments

There is 1 comment.

  1. Damon Hastings

    Okay, the real story here is that it's possible to be infected by a trojan merely by visiting a web page. This article focuses on a single exploit of that vulnerability, and thus the article is nearly irrelevant. The vulnerability is what matters. If it isn't patched soon, you could see millions of infections from more creative exploits in the very near future. If any hacker is able to smuggle the trojan onto even a single major website, he could net millions of victims.

    Does anyone know what browser(s) are affected? Is it just Internet Explorer 6? IE7? How long has Microsoft known about this vulnerability, and when will they fix it? I can't find any useful articles on the net -- they're all just clones of this one.

    • 20 February 2007 21:34