Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Banker Trojans Steal Millions Every Day

Posted by kdawson on from the in-ur-browzer-stealin-ur-dataz dept.

redsoxh8r notes a blog post describing in some detail the operation of "man in the browser" Trojans used to empty victims' bank accounts. "Banker trojans have become a serious problem, especially in South America and the US. Trojans like Zeus, URLZone and others are the tip of the iceberg. These toolkits are now standard-issue weapons for criminals and state-sponsored hackers. Like Zeus, URLZone was created using a toolkit (available in underground markets). What this means is that the buyer of this toolkit can then create customized malware or botnets with different command-and-controls and configurations (such as which banks to attack), but having all the flexibility and power of the original toolkit. Having such a toolkit in the hands of multiple criminal groups paints a scary picture. It's simply not enough to eliminate a particular botnet and criminal group to solve this problem."

2 of 183 comments (clear)

  1. Re:The problem is Bob by zappepcs · · Score: 4, Interesting

    Bob isn't an idiot, he's a typical windows user. Not to ping on MS, but they do manage to capture the low end of the market in that respect. A vast majority of computer users think that computer programmers are modern day wizards, and blindly trust that only bad programmers build bad programs. Further there are only two kinds of programs, good ones and bad ones like viruses and malware. Any program that is not bad is good, and has things like virus checking and mind reading built into them. Stack overflow is a card mishap at the casino and cross site scripting sounds like a multi site movie writers program.

    These warped expectations leads to things like ... well, like Bob.

    Bob and his friends are why so many virus and malware programs are profitable, so in a sad way, Bob is right.

    --
    Support NYCountryLawyer RIAA vs People
  2. Re:News? by Darkness404 · · Score: 3, Interesting

    Sure, but its a -lot- easier to prove that John Smith working at the bank got your PIN and made a withdraw of $XXX on X day. Its quite hard to get money from Vladimir Hacker who lives in Russia. While it might be easy to trace an IP, if it is outside of the US jurisdiction, theres not that much you can do. Yeah, you -might- be able to get the money back, but Vladimir Hacker can still do the same thing to someone else and no doubt it will require a lot of paperwork to get your money back.

    --
    Taxation is legalized theft, no more, no less.