How Notorious Trojans Hit Banks and Steal Your Money - eWeek

Written by Brian Prince
Oct 26, 2009

Trojans for Sale

The Zeus crimeware toolkit has been around for years, and has been linked to a number of data theft operations, including the notorious “Rock Phish” group. The toolkit has become widely available in the cyber-underground. Here is an example of a “for sale” posting for the Trojan.


Infect Yourself? No Problem

Some toolkits come with the ability to remove malware if would-be attackers accidentally infect themselves.


Master and Commander of the Cyber-Underground

Many toolkits contain a command and control utility that is added to a Web server and used to manage the botnet.


Room for One More

The subject of this slide is Trojan.Pilleuz, a worm that spreads through file-sharing programs, removable drives and Microsoft instant messaging clients. When executed, it connects to one or more of several network addresses and opens a backdoor on the compromised computer. The screenshot below shows the master console of the botnet after a newly infected system has joined. The worm is believed to stem from the Butterfly bot kit, which is no longer for sale.


Clampi Infection Rates

This graph depicts the spread of the Clampi Trojan over the past year as observed by Symantec. There are two notable spikes that correspond to the release of updates to this Trojan. The variant released on July 15, 2009, is what Symantec is currently seeing in the wild.


Stealing the Data

This is from a Clampi infection. Here, the Trojan is injecting a fake form into a banking log-in session. The idea is for the user to see this page in her browser and think it is legitimate. Unfortunately for the user, it is not.


Stealing the Data, Reloaded

This is a side-by-side comparison of log-in forms. You’ll notice slight differences between the two. The fake one has an extra field, courtesy of Trojan.Silentbanker. Silentbanker records keystrokes, captures screen images and steals confidential financial information to send to a remote attacker.


9

We end at the place where it all starts for phishing victims—the infection. In the example here, the user is tricked into visiting a malicious site. This one promises the visitor information about the “murder” of pop star Michael Jackson. All users have to do to get infected is click on the link on the page.


Money Mules Transfer Profits

In the case of the URLZone Trojan, the gang behind it uses money mules to get the money from the stolen accounts. Here is a money mule definition screen that includes the maximum and minimum amount to steal, the money mule account details, enable/disable flags and the comments for the fraud transaction (money transfers often include comments such as the reason for transferring the money, Finjan researchers explained).
