A new Trojan is designed not just to steal bank details but to actually take money from accounts. When the user logs in to the online banking system, the Trojan displays fake figures for the balance.
A study released today by IT company Finjan details new Internet attacks using a previously unknown banking Trojan, URLzone, created and operated by a group of intruders based in Ukraine.
According to the company, the Trojan has a number of functions designed to deceive fraud detection systems. Yuval Ben-Itzhak, CTO of Finjan, said that the Trojan carries out non-standard transactions, so the banks' security systems do not always trigger. For example, the new software is able to calculate on the fly how much money is relatively safe to take, based on the total amount available for withdrawal.
Finjan reports that it found the Trojan while working in collaboration with several German banks, which had suspected something in the behavior of the accounts. The company also states definitively that the Trojan is controlled from the territory of Ukraine and that the URLzone command servers are located there as well. "We have already informed the German security services and police," the company said. This is a next-generation Trojan, and it represents the beginning of a new trend in which more complex malicious code will attempt to get into banking systems through security errors.
Finjan said that it tracked the Trojan's communication with its command center and captured all of the data, as the transfer takes place over unencrypted channels. The server is known to run LuckySploit, which serves as the administrative console that manages the Trojan and collects statistics.
IT experts estimate that the sites infected with the Trojan have so far been visited by about 90 000 people, of whom 6 400 (7.5%) went on to download the malicious code. Of this number, about a hundred people use online banking. Citing representatives of German banks alone, Finjan reported that the Ukrainian hackers stole about 300 000 euros. It is possible that the attackers were also working in other countries.
The Trojan works as follows. The potential victim infects their computer with malicious code by opening spam attachments or downloading malicious code from a site. A backdoor that has infiltrated the PC then installs the Trojan itself in the background. Alternatively, the Trojan's authors try to deliver the Trojan directly through a particular vulnerability in the browser.
Next, when the PC user logs in to the online banking system, the Trojan automatically intercepts the balance data and calculates the minimum and maximum ranges of possible withdrawals, then substitutes, in real time, the updated balance amount shown to the user (minus the amount removed). "The Trojan is able to communicate with the banking system on its own and receive the response from it, bypassing its display in the browser," the company says.
The money is transferred to the accounts of so-called mules: users who have specially opened an account to accumulate the money. The mules themselves then transfer the money to the hackers, taking a percentage of the sum. Sometimes staff members of the banks themselves act as a kind of mule. "If a user cannot say exactly how much money was in his account before the last login, it is likely that he will not notice the theft," Finjan said.
Simultaneously with the withdrawal of money, the Trojan also tries to clean up the traces of its work on the PC (it deletes the history) and attempts to delete the history of banking transactions (if the banking system supports this).