Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Banker Trojans Steal Millions Every Day

Posted by kdawson on from the in-ur-browzer-stealin-ur-dataz dept.

redsoxh8r notes a blog post describing in some detail the operation of "man in the browser" Trojans used to empty victims' bank accounts. "Banker trojans have become a serious problem, especially in South America and the US. Trojans like Zeus, URLZone and others are the tip of the iceberg. These toolkits are now standard-issue weapons for criminals and state-sponsored hackers. Like Zeus, URLZone was created using a toolkit (available in underground markets). What this means is that the buyer of this toolkit can then create customized malware or botnets with different command-and-controls and configurations (such as which banks to attack), but having all the flexibility and power of the original toolkit. Having such a toolkit in the hands of multiple criminal groups paints a scary picture. It's simply not enough to eliminate a particular botnet and criminal group to solve this problem."

3 of 183 comments (clear)

  1. Well duh! by pitchpipe · · Score: 5, Funny

    Banker trojans have become a serious problem

    Look at how much they stole from the American taxpayer! Oh wait, you're talking about computers.

    Speaking of Trojans, they didn't even lube it up before they put it in our ass!

    --
    Look where all this talking got us, baby.
  2. The problem is Bob by bughunter · · Score: 5, Insightful

    Just R'ed the FA, and my first reaction was "Bob's an idiot."

    First, either he is using his home PC to make financial transactions for his employer, or he is taking a laptop home that can be used to access his employer's financial institution.

    Second, he's installing shareware/freeware on this machine, and he does it without scanning the downloaded files or researching the reliability of the publisher.

    Third, he uses a browser over an unsecured internet connection instead of via VPN to the company network, which should incorporate well maintained filters and firewalls.

    Fourth, he continues to use this browser after it exhibits strange behavior.

    Fifth, he ignores red flags like unexplained 'Safety Pass' requests.

    If I discovered Bob did this when he worked for me, I'd fire Bob, no matter how much the boss on the temp agency radio commercials loves him.

    --
    I can see the fnords!
    1. Re:The problem is Bob by T+Murphy · · Score: 5, Insightful

      But no matter how quickly you fire Bob, the thieves still have that money, and they will continue to make more attacks. The point isn't to blame the victim, but to figure out how to prevent them from becoming victims in the first place. I'm tempted to join the "he deserved it" crowd, but that is far outweighed by my hate for the jerks who prey upon these people.

      --
      My webcomic