
Two Heads are Worse Than One

Bank Technology News  |  October, 2009

The new Trojan horse stalking online banks bypasses token and card readers by using a two-pronged payload to steal login information to commit fraud, according to an advisory issued by online tech firm Trusteer.

The attacks, called “two-headed” Trojan attacks, come from the W32.Silon Trojan.

When targeting token or card reader-protected online banking applications, W32.Silon waits until the user has logged on and then injects HTML code into the login flow between the user and the bank’s Web server.

The malware then presents authentic-looking web pages suggestive of a bank asking the user to employ their authentication device. Users are asked to enter information from the device into the web page, and crooks use that information to execute fraudulent transactions.

“[Banks] should educate users to pay close attention to any changes from the standard workflow on a bank’s Website,” says Amit Klein, CTO of Trusteer. “If users are aware of the deviation from a standard log in procedure, that’s a telltale sign that something’s wrong.”
