Slashdot Mirror


Financial Malware Hijacks Online Banking Sessions

Orome1 writes "A new type of financial malware has the ability to hijack customers' online banking sessions in real time using their session ID tokens. The OddJob Trojan keeps sessions open after customers think they have 'logged off,' enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users' digital — and online monetary — assets."

3 of 161 comments

  1. Bank, please explain to me once again... by TheMidget · Score: 2, Interesting

    ... why you require your customers to use Windows when doing online banking?

    1. Re:Bank, please explain to me once again... by Lumpy · Score: 3, Interesting

      www.ubuntu.com

      works great, and this trojan can't work on it....

      Well, I take that back. Install the Wine packages and then run the winetricks.sh to install Internet Explorer and you can get this working under Linux.

      Sorry, there is no non-techie way to get this trojan working under Linux. I guess you will have to suffer with a more secure OS for your banking, instead of complete Windows compatibility with the insecurity.

      --
      Do not look at laser with remaining good eye.
  2. Why? by Alter_3d · Score: 4, Interesting

    The bank I use (in Mexico) forces you to get a different number from the security token every time you log in or make a transaction (they are generated once a minute). If you try to make a transaction using the same token number that was used to log in to the bank, the system forces you to get a different number from the token. In theory, this would stop this kind of attack. Why are no other banks doing the same?
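
The reuse check described in the comment above, sketched server-side as an added example that is not part of the thread and not any bank's code. It assumes the token is a standard RFC 6238 TOTP with a 60-second step (the comment does not say which algorithm the bank uses); the class name, user name and secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption taken from the comment: a new code once a minute


def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `now`."""
    counter = int(now // STEP_SECONDS)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OneTimeCodeVerifier:
    """Accepts the code of each time step at most once per account."""

    def __init__(self, secrets_by_user: dict):
        self._secrets = secrets_by_user
        self._last_step = {}  # user -> newest time step already consumed

    def verify(self, user: str, code: str, now: float) -> bool:
        secret = self._secrets.get(user)
        if secret is None:
            return False
        step = int(now // STEP_SECONDS)
        # A step already spent on login or an earlier transaction is refused,
        # so the user has to wait for the token to show a new number.
        if step <= self._last_step.get(user, -1):
            return False
        if not hmac.compare_digest(totp(secret, now), code):
            return False
        self._last_step[user] = step  # burn the step only after a valid code
        return True


def demo() -> list:
    secret = b"constructed-demo-secret"  # constructed sample value
    verifier = OneTimeCodeVerifier({"alice": secret})
    t0 = 1_000_000_020.0  # constructed timestamp on a step boundary
    login_code = totp(secret, t0)
    return [
        verifier.verify("alice", login_code, t0),                    # login
        verifier.verify("alice", login_code, t0 + 10),               # same code reused
        verifier.verify("alice", totp(secret, t0 + 60), t0 + 60),    # fresh code
        verifier.verify("alice", login_code, t0 + 60),               # old code replayed
    ]
```
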