November 11, 2004 10:19 AM PST

Trojan horse spies on Web banking

Security experts say they've discovered a Trojan horse that records e-banking user details and Web surfing habits.

Antivirus company Sophos is warning that the Banker-AJ Trojan is targeting online customers of British banks such as Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest. The Trojan affects computers running Microsoft Windows.

The company said that once installed, the Trojan waits for users to visit their online banking Web sites, then captures passwords and takes screenshots of the session. The information is relayed to the hackers behind the ploy, who use the data to steal money.

"It's the next generation of phishing attacks," said Graham Cluley, senior technology consultant for Sophos. "These rely on people going to real, legitimate sites. Once the Trojan determines that you've gone there, it starts taking keystroke logs and snaps shots of machines and sends it back to hackers."

Phishing scammers typically set up bogus Web sites to capture victims' personal information. They send e-mails that appear to come from trusted companies to lure people to the fake sites, where victims are asked to enter information such as credit card data. Attacks frequently target bank customers, but eBay and Amazon.com have also been recent targets.

Barclays Bank said it had seen the technique of using legitimate sites before. A representative for the company said, "This type of Trojan is something (we) have been aware of for some time. We are working with (the) industry to identify the next steps to help combat fraud and are interested in educating customers."

Sophos also said it had seen a similar Trojan, Tofger, a few months ago, but the technique had mainly been used in Brazil.

"We did see another one a few months ago," Cluley added. "Some of the Brazilian ones just wait for the user to look at a Web site with the word 'bank' in (it), but this one specifically targets many well-known U.K. banks, and that makes it notable."

Dan Ilett of ZDNet UK reported from London.

2 comments

Join the conversation!
Add your comment
kudos to CNET
>> The Trojan affects computers running Microsoft Windows.

Thanks for making it clear (in the first pp!) which platform is
affected by this Trojan. Saves me (Apple user) the trouble!

jungle/nelson, new zealand
Posted by junglepayne (4 comments )
Reply Link Flag
trogan horse's steal financial info.
The US Governmetn must hire UC berkley Computer Science Dept to come up with a new internet, and a newer and better OS to replace Unix and all its derivitives. Dos-Windows Evolutin is too dangerous and must be forbidden to access the internet by the US Gav, or othrwise used. Everyone should be required to use some version of FreeBSD, and Apple to sell its OX GUI to everyone. Apple and Microsoft would survive. The US Gov needs to require and finance fibre-optic motherboards, very cheap large, thin monitor's screen monitors, nd resajuire all TViuing up to thte broadcssts. Computers need to be run from the DCs or DVDs out of the DVD or CD-Rom Drive. Slow, buggy cocmputers and programs, and small screens are greatly reducing American productivity. We need to have the US Gov finance new super fiber optic broadband. The Old Arpnet became the Internet. Meant only for a small community of trusted users, the militry, the universities, non-prof t research, defense contractors, disaster management agencies, it was turned into the internet as we know it. UC Berkley Computer Science Department inventd Arpnet and Unix, and the basic protocols stiil running the by the internet.
Posted by Zeno77 (12 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.