Financial Malware Hijacks Online Banking Sessions

Orome1 writes "A new type of financial malware has the ability to hijack customers' online banking sessions in real time using their session ID tokens. The OddJob Trojan keeps sessions open after customers think they have 'logged off,' enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users' digital — and online monetary — assets."

Re:Bank, please explain me once again...

[hairyfeet]

Allow me to show you what would happen if banks switched to requiring Ubuntu tomorrow, I give you how to write a Linux virus in just 5 easy steps tada! You just got pwned!

It really is simple: Windows gets hit because that is where the easy marks are and if you switch everyone over tomorrow then by default you bring the easy marks to Linux and the famous Linux security gets turned to crapola 3 minutes later.

As a PC repairman I see the nasties that hit Windows every day, you know what the biggest two are BY FAR? The "ZOMG You got teh Viruz! Run "this_iz_not_a_viruz.exe" to kill it quick! ZOMG!" and the ever popular "Enjoy free (insert new movies, music, porn) all you want just by installing out "this_is_not_a_viruz_codec.exe" today!" Now how in any way shape or form will Linux protect the user from social engineering attacks or from running outdated third party software like Flash or Reader? Gonna hold a gun to their head and force them to update? Hell Windows has had automatic updates for over a decade yet I still see XP SP2 machines cross my desk.

The simple facts are these: as long as the user has the right to install software he also has the right to royally screw the pooch when it comes to malware. Linux by default because it is more "fiddly" and because one has to do step by step troubleshooting with it like go to forum, find relevant topic, launch bash, apply fix, has users that know more about their OS internals and are more security minded. It ain't rocket science folks. Windows got rid of the last legitimate complaint, forcing users to run as admins, more than 3 years ago. But as long as the majority of home and business users have no clue how anything works you are gonna see bugs on whatever OS is dominant because that is where the clueless are. Just look at how we are seeing more malware for Android now that it is becoming popular. With the users come the malware, simple as that. And switching to Linux won't magically give the user a level up in IT knowledge.