Softpedia
 


October 22nd, 2010, 10:48 GMT · By

New Banking Trojan Targets Over a Dozen Financial Institutions



Researchers find another banking trojan
Security researchers from FireEye have identified a new banking trojan, which is capable of launching man-in-the-browser (MITB) attacks and targets an unusually high number of financial institutions.

Dubbed Feodo by the security vendor, the malware is similar in concept and features to other banking trojans like ZeuS, SpyEye, Bugat or Carberp.

The threat steals online banking credentials and other sensitive information by intercepting data entered into Web forms, as well as by injecting rogue HTML elements into pages.

"I can see that the bot herders are instructing its zombies to target over a dozen banks. This is a huge list, I rarely see even bot herders behind Zbot targeting so many banks," Atif Mushtaq, a security research engineer at FireEye, says.

The expert also notes that, unlike Zbot or SpyEye, Feodo is not the result of a crimeware toolkit sold on the underground market and that it most likely belongs to a single gang.

As of two days ago, only two antivirus engines on VirusTotal detected the threat as malicious. However, VirusTotal only performs signature-based scans, and the more proactive protection layers present in many products might actually block it.

It's worth noting that the trojan doesn't only target banks, but also services like PayPal, Amazon, Myspace or Gmail.

Feodo hooks into the browser process and monitors accessed URLs. If any of them matches a regular expression from its config file, it starts capturing form data and submits it to its command-and-control server.

The trojan can also inject rogue form fields in order to trick users into providing more information than is normally required.
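A defensive illustration of the field-injection behavior described above, added here and not taken from FireEye's analysis or the original article: a page-side check that compares a form's controls against an allowlist of the fields the server rendered. The `BASELINE` map, the field names and the `report` callback are assumptions made for the example.

```javascript
// Added example: flag form controls that the server never rendered.
// BASELINE is a constructed allowlist (field name -> input type) for one form.
const BASELINE = {
  login: { username: "text", password: "password", csrf_token: "hidden" },
};

// Works on an HTMLFormElement or any object exposing `elements` with name/type.
function findRogueFields(form, expected) {
  const findings = [];
  for (const el of Array.from(form.elements)) {
    const name = el.name || "";
    const type = (el.type || "").toLowerCase();
    // Unnamed buttons carry no submitted data, so they are ignored.
    if (!name && ["submit", "button", "reset"].includes(type)) continue;
    if (!Object.prototype.hasOwnProperty.call(expected, name)) {
      findings.push({ kind: "unexpected-field", name: name || "(unnamed)", type });
    } else if (expected[name] !== type) {
      findings.push({ kind: "type-changed", name, type, expected: expected[name] });
    }
  }
  return findings;
}

// Browser wiring: check once, then again whenever the form changes,
// because injection can happen after the page has loaded.
function watchForm(form, expected, report) {
  const check = () => {
    const findings = findRogueFields(form, expected);
    if (findings.length) report(findings);
  };
  check();
  if (typeof MutationObserver !== "undefined") {
    new MutationObserver(check).observe(form, { childList: true, subtree: true, attributes: true });
  }
}

// Constructed sample: the login form plus one extra field asking for more data.
const tamperedForm = {
  elements: [
    { name: "username", type: "text" },
    { name: "password", type: "password" },
    { name: "csrf_token", type: "hidden" },
    { name: "atm_pin", type: "text" },
    { name: "", type: "submit" },
  ],
};

watchForm(tamperedForm, BASELINE.login, (f) => console.log(JSON.stringify(f)));
```

Malware hooked into the browser process can tamper with a script like this one, so a report from the check is a useful signal while its silence proves nothing.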

Another feature involves stealing entire HTML pages during browsing sessions. This gives the attackers a view of the inside of various online banking systems without having to open accounts with each of the banks.

Mr. Mushtaq points out that while Feodo doesn't trump other banking trojans in capabilities, its private nature presents other advantages.

"Unlike Zbot which has become a victim of its own success, this malware can fly under the radar for a long time. If the attackers want a new feature, they don't need to wait for a new toolkit version, a change can be made right away," he explains.
