How Banker Trojans Steal Millions Every Day
redsoxh8r notes a blog post describing in some detail the operation of "man in the browser" Trojans used to empty victims' bank accounts. "Banker trojans have become a serious problem, especially in South America and the US. Trojans like Zeus, URLZone and others are the tip of the iceberg. These toolkits are now standard-issue weapons for criminals and state-sponsored hackers. Like Zeus, URLZone was created using a toolkit (available in underground markets). What this means is that the buyer of this toolkit can then create customized malware or botnets with different command-and-controls and configurations (such as which banks to attack), but having all the flexibility and power of the original toolkit. Having such a toolkit in the hands of multiple criminal groups paints a scary picture. It's simply not enough to eliminate a particular botnet and criminal group to solve this problem."
Just R'ed the FA, and my first reaction was "Bob's an idiot."
First, either he is using his home PC to make financial transactions for his employer, or he is taking a laptop home that can be used to access his employer's financial institution.
Second, he's installing shareware/freeware on this machine, and he does it without scanning the downloaded files or researching the reliability of the publisher.
Third, he uses a browser over an unsecured internet connection instead of via VPN to the company network, which should incorporate well maintained filters and firewalls.
Fourth, he continues to use this browser after it exhibits strange behavior.
Fifth, he ignores red flags like unexplained 'Safety Pass' requests.
If I discovered Bob did this when he worked for me, I'd fire Bob, no matter how much the boss on the temp agency radio commercials loves him.
I can see the fnords!
The issue is, as always, EDUCATE THEM.
You can educate them but they won't care. Look at how hard it is for a lot of these types of people to even browse the internet, something that is designed to be really easy to use. Even with education you run the risk of them remembering only misinformation and making them paranoid. Look at the '90s and people thinking ZOMG COOKIES ARE VIRUSES!!!11!111!1! and rather than doing sane things, they just kept up the paranoia. The last thing we need is people scared to go to a generic site because it's not secured with HTTPS even though it doesn't need to be.
Paranoia is almost worse than being ignorant, especially in a business. Being ignorant -may- cost the company money, being paranoid -will- cost the company money.
Taxation is legalized theft, no more, no less.