News : Online Banking and Internet Hackers

Viewing 6 reply threads
  • Author
    Posts
    • #3469
      KrisTeason
      Participant

      Saw this one on Security-Sh3ll figured I’d post it here, maybe it’d open a discussion. I was personally amazed by the number of unique banking trojans F-Secure found on the net at the end of 2008, didn’t know it was that high.

      “The latest advances in Internet bank theft include the use of Trojan programs that can slip onto an unsuspecting computer’s hard drive through a viral link on a greeting card or in e-mail spam. The Trojan hides out on the hard drive and waits until the computer user logs onto a banking Web site, and then acquires user names and passwords.”

      [align=center:4pspd9oi]Full Story Here[/align:4pspd9oi]

    • #22698
      jason
      Participant

      I don’t know where all these financial breaches are heading, but it can’t be anywhere good, even in the short term. Here’s an article talking about compromised account info of Germans, with the potential of three out of four Germans having compromised info. Scary.

      http://www.theregister.co.uk/2008/12/09/stolen_german_bank_accounts_for_sale/

    • #22699
      timmedin
      Participant

      As Willie Sutton the bank robber said when asked why he robbed banks, ‘because that’s where the money is’.”

      Better to go after the bank than try some spam attack which has a very low return, one in a million. However, I am still suprised by the number of bits of software, but I wonder how many are mutations of the same code change automatically to hide. What I wonder is how many developers there are, not that we will be able to get a solid number.

      As an aside I get a kick out of reporters…

      One Internet security  expert says banking Trojans are more advanced and evolving faster than anti-virus solutions.

      One, only one? …and they didn’t even cite him.

    • #22700
      RoleReversal
      Participant

      @timmedin wrote:

      One Internet security  expert says banking Trojans are more advanced and evolving faster than anti-virus solutions.

      One, only one? …and they didn’t even cite him.

      I could be doing someone an injustice, but isn’t that the lazy journalist way of saying: ‘I’m sure I could get someone to agree with this if I could be bothered to do the leg work…’?

      Although to be fair I’m sure you could find lots of people that agree with the statement if you did some digging

    • #22701
      timmedin
      Participant

      @RoleReversal wrote:

      @timmedin wrote:

      One Internet security  expert says banking Trojans are more advanced and evolving faster than anti-virus solutions.

      One, only one? …and they didn’t even cite him.

      I could be doing someone an injustice, but isn’t that the lazy journalist way of saying: ‘I’m sure I could get someone to agree with this if I could be bothered to do the leg work…’?

      Although to be fair I’m sure you could find lots of people that agree with the statement if you did some digging

      Not to mention that bypassing AV has become trivial. Using MetaSploits msfencode you can package executables to bypass AV. John Strand has a video on it.
      http://www.irongeek.com/i.php?page=videos/bypassing-anti-virus-with-metasploit

    • #22702
      RoleReversal
      Participant

      @timmedin wrote:

      John Strand has a video on it.
      http://www.irongeek.com/i.php?page=videos/bypassing-anti-virus-with-metasploit

      Thanks for the link, good stuff. I hadn’t seen this done manually with msfencode, saw Muts’ presentation at Schmoo where something similar was done manually, also worth a look if you haven’t seen it

    • #22703
      jason
      Participant

      I’ll have to add this to my Muts list. I’ll get around to them all eventually.

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?