New Banking Trojan: A Nasty And Formidable Foe

Malware is getting more and more sophisticated. Bent on destruction, it is seemingly immune to modern weapons. One such Trojan horse program is very sophisticated and it keeps reinventing itself in its greedy quest to empty bank accounts.

The URLzone Trojan, which was recently discovered by Finjan Software, is highly advanced and proof positive that the bad guys are keeping up with technology as well as the good guys (if not being a step ahead, sad to say). This strain of malware rewrites the bank pages shown to its victims, so they do not know that their accounts have been tampered with and, in many cases, emptied. Its interface is sophisticated and diabolical: its command-and-control feature allows the bad guys to pre-set the percentage of the account balance they wish to clear out!

URLzone is a formidable adversary. RSA researchers claim that this malware uses several techniques to discover machines that have been set up by investigators and law enforcement, and so far it has been impossible to fool. RSA Security was founded by and named after the inventors of public key cryptography: Ron Rivest, Adi Shamir and Leonard Adleman. According to Aviv Raff, RSA’s Fraud Action research lab manager:

“We typically create programs that are designed to mimic the behavior of real Trojans. When URLzone identifies one of these, it sends it bogus information. Security experts have long published research into the inner workings of malicious computer programs such as URLzone…Now the other side knows that they are being watched and they’re acting.”

URLzone is merciless when it discovers a program established by the “good guys.” Some malware might be content to simply disconnect, but not URLzone. The server forces money transfers, but not through one of the criminals’ own people recruited to move cash overseas. Instead it chooses an innocent victim: someone who has received legitimate money transfers from other hacked computers on the network. To date, more than 400 legitimate accounts have been manipulated in this manner.

The idea is to confuse researchers and to prevent the criminals’ real money mules from being discovered. Although banking Trojans are not new and have been responsible for the loss of many accounts of innocent people, URLzone represents the first of a frightening and smarter generation of malware. To date, according to Finjan, the watchdog on its trail, this banking Trojan infected as many as 6,400 computers last month alone and was clearing a hefty $17,500 per day!

One can only wonder if Andrew Jackson wasn’t right after all.

It has been said that Old Hickory didn’t trust banks. If your money isn’t safe there, where can it ever be?


  1. Anonymous says:

    In your butt.

  2. Dave Smith says:

    Heh, heh. That's what you get for using shitbag Windows and Internet Explorer.

  3. bob says:

    at Dave Smith:

    WTF? What is the relevance of which OS is used? Do you think that it's ok to steal from people?

  4. guest says:

    No, this is what you get for doing sensitive transactions online.

    • wdaergdt says:

      In theory, all banking transactions are processed by computers, which involves online communication. And thus when computers are 'infected' with malware, it can be difficult for both of us to understand.

  5. Guest says:

    You copied the ComputerWorld article, lifting paragraphs practically word for word, you cheating plagiarist!

  6. steve says:

    Good for the plagiarist! I do not read ComputerWorld and I get a decent percentage of my random news from links off and to know it came from a reputable source makes me feel better. Thanks again plagiarist!

  7. Mark says:

    yeah this is an outrage

  8. mr. P says:

    we should forget windows and mac, they are very vulnerable to this kind of exploit

  9. ryan says:

    The virus writers go to where the fish are, the Linux pond is dry, why fish there? You go to where the Fish are, all OSs can get viruses, the hackers go to where the most users are. If this were Linux, they would be there. Watch in the next two years as Apple owners deal with the realization that their pond has gotten big and they too will get viruses.

  10. Anders says:

    In Denmark, some banks use a keycard with 80 different "pincodes" you have to type in each time you log in, along with your normal password.
    (when there's 20 or so left, a new card is sent from the bank)

    This system is 100% bulletproof – the problem is not big enough yet for banks to deploy it seems, banks just cover whatever petty loss there is to the hackers – credit card theft and ATM abuse is a lot bigger problem.

  11. Jason says:

    @jon @ryan It's obvious you two don't know any OS's other than Windows. The dry pond is an old and lame analogy. Last I checked a majority of the internet is run on *nix systems. The way *nix systems are set up you would have to force an install of malware. Because M$ dumbed down their OS to make it easier to use, they made it vulnerable.

    • hologram5 says:

      I don't know what ads you are reading but M$ still has the market share of operating systems. Server farms are still running Linux but the majority of home users are using windows.

  12. Guest says:

    @ Jason… How many people *personally* do you know that run *nix based systems? I'll wait around.. it should take you all of .5 seconds to count maybe all 2 of them out.

  13. Jack says:

    No one bothers attacking Mac users' accounts because they've got no money because they spent it all buying their Mac 🙂

    But seriously, regardless of OS, this is a new trojan that I was unaware of, let's hope there is some software released soon to help stop this one spreading.

  14. Anonymous says:

    I always use anti virus software that can protect my pc as well as my data!

  15. Anonymous says:

    Oh my God, you mad freak! That’s a remarkable post.

  16. Anonymous says:

    the web is powered by linux so the whole 'not enough users' argument doesn't make sense

  17. fisher.2011 says: