Banking Trojan hijacks live chat to run real-time fraud

A new strain of financial malware is hijacking live chat sessions in a bid to hoodwink business banking customers into handing over their banking login credentials or into authorising fraudulent transactions. The attack is being carried out using the Shylock malware platform*, using a configuration that runs a browser-based …


This topic is closed for new posts.
  1. Anonymous Coward

    Browser based financial malware banking trojan

    We need someone to design an anti-browser-based-financial-malware-banking-trojan.

    1. Anonymous Coward

      Re: Browser based financial malware banking trojan

      In general creating useful software for computer owners is beyond the capabilities of blackhats.

      In the past years there were cases of small IT security companies releasing malware demonstration code against vulnerabilities in useful programs, along with coding tips to avoid detection and to avoid crashes. These would be released openly on the internet to the blackhat community. These small IT security companies would then sell legitimate businesses products to protect against the malware they'd helped create.

      Would blackhats have discovered the vulnerabilities without the help of these small IT security companies? In some cases the vulnerabilities had existed for over 8 years without discovery.

      Security by obscurity: Fallible though it is, the security of your home, your car, your Apple computer, your Linux box, your bank account, your mechanical wall safe, the US military, MI5, FSB and CIA all partly depend on it.

      Which is why in the non-cyber world we have police to shut down conspirators.

      1. amanfromMars 1 Silver badge

        Re: Re: Browser based Command and Control Pioneers .... SMART Bot Bods*

        "In general creating useful software for computer owners is beyond the capabilities of blackhats." …. AC Posted Wednesday 29th February 2012 09:47 GMT

        How so very true, AC, for it is Favoured Forte Well Favoured with Special Supply Needs and Feeds and Seeds …….. IntelAIgent Supply Provision with QuITE Cosmic SpyAIware for Everywhere to Lead with Basic Loving Needs Passionately Filled Evermore for ITs Raw Empowering Desires.

        Methinks recent dynamic virtual developments have not unceremoniously placed the Present and Past Elite Powered Establishments at a XSSXXXXXRoads. Deny Overwhelming Virtual Savvy and Disappear or Market with Control in Power with All Prospering in a Colossal Civil CyberSpace Command and Control Project seems like a Simple Crazy Decision to Sanely Make.

        The question is asked and lies naked unanswered and one lonely and alone in the quiet.

        An El Reg Special Projects AIMission? A Virtual Sortie into the Realitive Unknown?!.

        *AI Boffins who aren't Buffoons

  2. g00se

    >>Shylock uses a battery of tricks to escape detection by anti-virus scanners

    But would possibly be detected by a little pattern matching against a Gutenberg edition of the works of one W. Shakespeare?

    1. Allan George Dyer Silver badge

      Yes, but...

      There would be a problem with false positives against all the websites demanding <strike>your personal data</strike> a pound of flesh.

      1. Anonymous Coward

        Re: Yes, but...

        Not really. The code includes only snippets of the play. You can scan and if you see more than just a snippet permit it. So false positives are not the problem.

        The real problem is he'd just move onto plays by Dostoevsky or whomever else.

        What the AV should do is look for signatures along sections of code, rather than in an expected single location.

        Of course that greatly increases the overhead of the AV, meaning the computer becomes obsolete sooner, providing a boon to hardware vendors along with computer security consultants.

        The only real solution is for police to go after the conspirators who help set up and facilitate these crimes -- the blackhat architects, instructors, authors, teachers, tech support, salespeople and managers. Big money is involved, sales, marketing, so easy to stage a purchase, easy to stage a sting.

        All that is missing is police having the will power to reduce the crime rate.

  3. Mako

    Maybe I'm reading this wrong...

    ...but are we saying that these are *genuine* live chat sessions that are being hijacked?

    If so, presumably the person at the bank's end of the conversation finds themselves abruptly cut off mid-chat, right? I accept the fact that it's not the bank's responsibility to ensure your machine is malware-free, but why not hand the case over to someone in the outbound call centre to give the customer a ring;

    "Hi, you were just in the middle of a live chat with a rep and it seems you got cut off. You okay there?"

    "But...I'm still talking to you. I was just about to authorise XYZ."

    "Okay, you might not want to do that..."

    Or are these disconnects so common that it would be impossible to detect the signal from the noise?

  4. Anonymous Coward

    So here is a guy openly teaching people how to write and debug more trojans

    So here is a guy who functionally appears to be openly teaching people how to write and debug more banking trojans.

    Why do police not shut him down on conspiracy charges?

    At the upper level he words it as if readers are going to be hunting trojans, writing their own antivirus software. But if you read what he is teaching, he doesn't teach hunting. Instead he provides links to samples of existing code.

    What he teaches is the cloning and debugging of software that does what the samples do, in this case banking trojans.

    1. Anonymous Coward

      Re: So here is a guy openly teaching people how to write and debug more trojans

      "Why do police not shut him down"

      Because no-one's reported him to the police? Maybe you should try it...

      Then you'll discover why no-one's reported him to the police.

      1. Charles 9 Silver badge

        Re: So here is a guy openly teaching people how to write and debug more trojans

        Or maybe because the police or higher authorities in the hacker's home state are tacitly allowing this to happen since, after all, it's not a crime against their own people, and it IS a form of asymmetric warfare (that's why hackers and such have "safe haven" countries). They're savvy enough to know that this level of cybercrime isn't the kind of thing that would draw true international wrath. After all, they can just play dumb and claim they lack the resources while everyone else lacks the jurisdiction.

Biting the hand that feeds IT © 1998–2022