Phishers Raise The Bar

By | April 12, 2004

Phishers can now access banking websites that use an extra ‘keylog-proof’ security layer.

For several months phishers — folk fooling you into giving up valuable passwords — have used keylogging software which will capture passwords and user names as you type them into banking and other financially-oriented sites. But these aren’t much use against websites that use extra layers of security that don’t require the user to type anything, but instead click on something. At Britain’s Barclays bank, for example, users are required to select from a list two letters matching a pre-selected secret word. Keyloggers aren’t any use against this, since there’s no keyboard clicking taking place and so no letters or numbers to capture.

Enter a key kind of phishing trojan, documented by the ever vigilant Daniel McNamara of Code Fish. While capturing keystrokes like other keylogging trojans, this one also captures screen shots (images of whatever is on the screen) and sends them along to a Russian email address. It captures a host of other goodies too, including whatever text the user happens to copy to the clipboard while they’re accessing the banking website in question (A smart move: Users often copy their password to the clipboard and then paste it into the appropriate field.) The target in this case? Barclays bank.

As Daniel points out, it seems as if this trojan has already been spotted. Symantec and other anti-virus vendors have in the past week referred to it, or something like it, calling it, variously, Bloodhound.Exploit.6, W32/Dumaru.w.gen, Exploit-MhtRedir and Backdoor.Nibu.D. And Barclays may be referring to the scam when it warns its users that “Some customers have been receiving an email claiming to be from Barclays advising them to follow a link to what appear to be a Barclays web site, where they are prompted to enter their personal Online Banking details.” (Although in fact the email in question doesn’t do this: It disguises itself as a web hosting receipt, and makes no mention of Barclays or online banking. The victim is instead lured by curiosity to a link in the email which takes them to a website that downloads the trojan in question.)

But none of these messages indicate the seriousness of this escalation. Whether this phishing trojan is just a proof of concept or specific attack against Barclays, it should send some serious warning signals through both the anti-virus industry and the online banking world. Phishers are getting smarter, and getting smarter quick. As Daniel himself writes, “This is a huge step in the phisher trojan evolution…This well-designed trojan should make anyone who has complete faith in visual selection systems a little bit worried.”

One thought on “Phishers Raise The Bar

  1. Justin Hoffman

    Shit Apple fallen from the tree. It doesn’t fall far as we can see. The one with the worm was meant to be. One who neglects their fruit will come up empty. You let others rape the harvest from the ole shit tree. Pawned them off so you could be free, I see you are a fool to lose one isn’t cool. Never send a boy to do the work of a man. The orchard is no place for a gullible lad.

    Ha ha

    STOOL Time šŸ™‚


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.