Symantec: Trojan has 400 banks on its hitlist

A Trojan dubbed Silentbanker targets more than 400 banks, including household names in the U.S. and other financial institutions abroad, and hangs in the background to intercept transactions that use two-factor authentication, according to researchers at Symantec. In a day full of the usual Trojan attacks (they all sort of look alike after a while), the sheer versatility of Trojan.Silentbanker is notable.

Symantec researcher Liam OMurchu writes in a blog post:

"The ability of this Trojan to perform man-in-the-middle attacks on valid transactions is what is most worrying. The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker's account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker's details instead. Since the user doesn't notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Unfortunately, we were unable to reproduce exactly such a transaction in the lab. However, through analysis of the Trojan's code it can be seen that this feature is available to the attackers."

View: Full Story @ ZDNet
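The quoted analysis turns on one point: the second authentication password is not tied to the destination account, so it still verifies after the details are changed before encryption. The Python model below is an added illustration, not code from Symantec or the article; the key, the account labels and the transaction-bound code (computed on a separate device over the details the user reads) are assumptions.

```python
import hashlib
import hmac

USER_KEY = b"constructed-demo-key"  # constructed; stands in for the user's token secret


def _code(key, msg):
    """Six-digit code derived from an HMAC, as a hardware token might show."""
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"


def session_otp(key, counter):
    """Second factor that proves possession of the token only."""
    return _code(key, counter.to_bytes(8, "big"))


def txn_code(key, counter, dest, amount):
    """Assumed alternative: code computed over the destination and amount."""
    return _code(key, counter.to_bytes(8, "big") + f"{dest}|{amount}".encode())


def bank_accepts_otp(key, counter, received, code):
    # The received transaction never enters the check.
    return hmac.compare_digest(code, session_otp(key, counter))


def bank_accepts_txn_code(key, counter, received, code):
    # The bank recomputes the code over the details it actually received.
    expected = txn_code(key, counter, received["dest"], received["amount"])
    return hmac.compare_digest(code, expected)


def simulate():
    counter = 7
    shown = {"dest": "ACCT-INTENDED", "amount": "250.00"}   # what the user sees
    received = {"dest": "ACCT-ALTERED", "amount": "250.00"}  # what the bank gets
    otp = session_otp(USER_KEY, counter)
    code = txn_code(USER_KEY, counter, shown["dest"], shown["amount"])
    return {
        "otp_on_altered": bank_accepts_otp(USER_KEY, counter, received, otp),
        "txn_code_on_altered": bank_accepts_txn_code(USER_KEY, counter, received, code),
        "txn_code_on_unaltered": bank_accepts_txn_code(USER_KEY, counter, shown, code),
    }


if __name__ == "__main__":
    print(simulate())
```

The transaction-bound check only helps if the code is computed somewhere the compromised browser cannot reach and the user reads the details there.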


12 Comments


Since when is this a Symantec-only bashing site? Yeah, they went from usable back in the day to having the worst product in the security/antivirus product arena. What everyone needs to realize is that every program at some level sucks and a large group of people will hate and bash everything ever created. The rule of computing that I don't see on Neowin anymore is using what works best for YOUR needs and bringing up known issues and sharing experience with products. Not just bashing coz everyone else is. I did a quick search and Symantec is the only vendor who has an original posting about this Trojan. So STFU if all you wanna do is cry that Symantec is crap, since no other vendors currently have an original posting about this Trojan yet.

I can't imagine Symantec works best for ANY home user's needs. It's only bought by people who aren't clued up on software; it's also the one package found on retailers' shelves. Well... that and McAfee.

I like Symantec and all, but their software seems to be more geared towards looking good and hogs up a lot of resources (I used Norton 360 for a few months and went back to AVG).

Deathray said,
The hackers are doing stuff beyond the ability of people working at Symantec labs? lol... wow

Sometimes I wonder if it is Symantec themselves that write these viruses/trojans, so people will buy their software. :ponder:

Optix Illusion said,
Sometimes I wonder if it is Symantec themselves that write these viruses/trojans, so people will buy their software. :ponder:

Do you really wonder that?

Do you really think that Symantec [or any other legitimate security firm] could do something like that and keep it from leaking out?

And do you really think that Symantec is stupid enough to jeopardize its entire multi-billion-dollar security business by secretly producing malware when there is already enough crap out there to keep them in business forever?

Very cool from a security perspective.

However, what I don't understand is that surely it's easy to track where the money went to in cases like this once it's reported?