main
Report a problem

Symantec: Trojan has 400 banks on its hitlist

EL1TE   on 14 January 2008 - 21:45 · 13 comments & 10512 views

Advertisement (Why?)
A Trojan dubbed Silentbanker targets more than 400 banks including the household names in the U.S. and other financial institutions abroad and hangs in the background to intercept transactions with two-factor authentication, according to researchers at Symantec. In a day full of the usual Trojan attacks (they all sort of look alike after awhile) the sheer versatility of Trojan.Silentbanker is notable.

Symantec researcher Liam OMurchu writes in a blog post:

"The ability of this Trojan to perform man-in-the-middle attacks on valid transactions is what is most worrying. The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker’s account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker’s details instead. Since the user doesn’t notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Unfortunately, we were unable to reproduce exactly such a transaction in the lab. However, through analysis of the Trojan’s code it can be seen that this feature is available to the attackers."

View: Full Story @ ZDNet

Share this Article

  • Technorati
  • Magnolia
  • Stumble upon it
  • Reddit
  • Blink List
  • Delicious
  • Slashdot
  • Furl
  • Facebook
  • Windows Live
  • Google
  • Newsvine
  • Yahoo
  • RawSugar
  • Netvouz

About the Author

Full name: Unknown
User name: EL1TE
Contact: via forum PM
Submissions: View All
More: View Profile

Related news

 

Post a comment · Send to friend Comments · There are 13 additional comments
#1 Tarrant64 on 14 Jan 2008 - 22:18
Not bad.
#2 funkymunky on 14 Jan 2008 - 22:26
Very coool from a security perspective.

However what I don't understand is, is that surely it's easy to track where the money went to in cases like this once it's reported?
#3 Ogmius on 14 Jan 2008 - 22:31
Superman 3!
(3 replies) #4 Deathray on 14 Jan 2008 - 22:47
The hackers are doing stuff beyond the ability of people working at Symantec labs? lol... wow
#4.1 Munkyman on 14 Jan 2008 - 22:53
You make it sound like a challenge Hehe
#4.2 Optix Illusion on 14 Jan 2008 - 22:58
Quote - (Deathray said @ #4)
The hackers are doing stuff beyond the ability of people working at Symantec labs? lol... wow


Sometimes I wonder if it is Symantec themselves that write these viruses/trojans, so people will buy their software.

Last edited by Optix Illusion on 14 Jan 2008 - 22:59
#4.3 +Octol on 15 Jan 2008 - 21:03
Quote - (Optix Illusion said @ #4.2)
Sometimes I wonder if it is Symantec themselves that write these viruses/trojans, so people will buy their software.

Do you really wonder that?

Do you really think that Symantec [or any other legitimate security firm] could do something like that and keep it from leaking out?

And do you really think that Symantec is stupid enough to jeopardize its entire multi-billion-dollar security business by secretly producing malware when there is already enough crap out there to keep them in business forever?
#5 Croquant on 15 Jan 2008 - 01:55
FUD!
#6 elvenseven on 15 Jan 2008 - 02:41
FUD so people would buy Symantec antivirus!

Last edited by elvenseven on 15 Jan 2008 - 02:43
#7 kouhii00 on 15 Jan 2008 - 02:58
I HOPE Symantec's bank is on the list........
#8 Fugi on 15 Jan 2008 - 03:51
I like Symantec and all but their software seems to be more geared towards looking good adn hogs up a lot of resources (I used norton 360 for a few months and went back to avg.
(1 reply) #9 DATmafia on 15 Jan 2008 - 06:23
since when is this a Symantec only bashing site. Yeah they went from usable back in the day to having the worst product in the security/antivirus product arena. What Everyone needs realize is that every program at some level sucks and a large group of people will hate and bash everything ever created. The rule of computing that I don't see on Neowin anymore is using what works best for YOUR needs and bring up known issues and sharing experience with products. Not just bashing coz everyone else is. I did a quick search and Symantec is the only vendor who has an original posting about this Trojan. So STFU if all you wanna do is cry that Symantec is crap since no other vendors currently have an orignal posting about this trojan Yet.
#9.1 ]SK[ on 15 Jan 2008 - 07:24
I can't imagine Symantec works best for ANY home users needs. It's only bought by people who arn't clued up on software, it's also the one package found on retailers shelves. Well... that and McAfee.

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.1387) © 2000 - 2008 Neowin.net