Print
Discuss
Send to friend
RSS feedsSecurity experts have issued a red alert over a previously undocumented Trojan designed to help criminals break into the accounts of UK internet banking customers.
The Banker-AJ Trojan (Troj/Banker-AJ) targets users of online banks including Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest, according to security firm Sophos.
Banker-AJ has been coded to lie dormant in the background on infected Windows PCs, waiting for users to visit legitimate online banking websites.
Once the user visits one of a number of banking websites the malicious code is triggered into action, capturing passwords and taking screenshots.
This information is then relayed to remote hackers who can use it to break into the bank accounts of innocent users and steal money, Sophos warned.
The security firm has already reported similar techniques being used by criminals to break into Brazilian online bank accounts, but points to growing evidence of the same trick being attempted against UK financial institutions.
Graham Cluley, senior technology consultant at Sophos, said the Trojan was "like having a mugger looking over your shoulder as you type in your Pin number".
"People are increasingly aware of the threat from phishing emails which direct innocent users to fake banking websites in order to capture personal details. But this Trojan is different - it waits until the user visits a real banking website and then surreptitiously monitors the log-in process," he said.
More information about the Banker-AJ Trojan can be found here.
See also:
Enhanced credit and debit card security bad news for e-businesses 26 Nov 2004
Anti-Phishing Working Group reports 'disturbing' new trend 24 Nov 2004Fraudsters looking forward to a very merry Christmas 23 Nov 2004Bank suspend elements of its online service to protect customers 17 Nov 2004
ISA Server 2000 and Proxy Server 2.0 affected by internet spoofing scam 10 Nov 2004Just open an email and you could be the next victim, warns security firm 04 Nov 2004
Survey shows nine out of 10 financial web sites contain security flaws 27 Sep 2004The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack. 15 Apr 2004All Enterprise Security Technology
del.icio.us
Digg this
reddit!
