Results 21 to 24 of 24

Thread: Online bank fraud - Bank malware, webinjects, etc.

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 2012-06-26, 21:58 #1
    AplusWebMaster
    AplusWebMaster is offline
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Online bank fraud - Bank malware, webinjects, etc.

    FYI...

    Online bank fraud automation increases
    Bank malware-server-hosted scripts automate the process
    - https://www.computerworld.com/s/arti...ion_techniques
    June 26, 2012 - "Cybercriminals attempted to steal at least $75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication... The new fraud automation techniques are an advancement over the so-called man-in-the-browser (MitB) attacks performed through online banking malware like Zeus or SpyEye. Banking malware has long had the ability to inject rogue content such as forms or pop-ups into online banking websites when they are accessed from infected computers. This feature has traditionally been used to collect financial details and log-in credentials from victims that could be abused at a later time. However, attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time... The externally hosted scripts called by the malware are designed to work with specific online banking websites and automate the entire fraud process. They can read account balances and transfer predefined sums to money mules... The fraud automation scripts also allow cybercriminals to bypass two-factor authorization systems implemented by banks for security purposes. The malware -intercepts- the authentication process and captures the one-time password generated by the victim's bank-issued hardware token and uses it to perform the fraud in the background. Meanwhile, the user is shown a "please wait" message on the screen..."
    ___

    Criminal malware webinjects priced 'per feature' ...
    - https://www.trusteer.com/blog/la-car...tom-webinjects
    June 26, 2012 - "... criminals are now selling customized webinjects that are priced per feature. For example, one seller offers a webinject for Zeus/SpyEye that contains the automatic transfer system (ATS) that was reported by Trend Micro researchers last week*... In this model, webinjects were developed for specific malware platforms such as Zeus and SpyEye, and priced per platform. Certain platforms commanded a higher price for webinjects. This pricing system was followed with bulk pricing, where criminals offered discounts for large orders, as well as geography-based pricing, where webinjects costs were determined by the geographic location of the target they were designed to attack. That was followed by production cost pricing, where sellers offered cheaper pre-made Webinjects and charged a premium for custom-based webinjects... This latest development in webinject marketing (?) illustrates how the underground marketplace is following traditional software industry pricing schemes by offering a la carte and complete “suite” pricing options. Unfortunately, buying high quality webinjects is getting easier and more affordable, which opens the door for more criminals to get into the business of online banking fraud... Criminals can now specify the precise exploit and target institution that they believe will maximize their ability to successfully commit fraud. And according to basic statistics, the more combinations of exploit types and targets attempted, the more likely it is for fraudsters find those that succeed."
    * http://blog.trendmicro.com/evolved-b...nsfer-systems/
    ___

    Customized Webinjects for Zeus and SpyEye Trojans on sale
    - http://atlas.arbor.net/briefs/index#-708662453
    June 28, 2012
    The underground market for financial fraud malware continues to innovate and offer solutions to criminals.
    Analysis: Banking trojans have been around for years and show no signs of disappearing. Described here are various plugins to extend the functionality of the fraud operation. Plugins such as Balance grabber for $50-100, Balance replacer for $200-300, TAN grabber $150-200, Additional passwords (steals other passwords on the infected system) for $100-200, alerting (keeps the botmaster informed of malware interactions) $100-200 and AZ (to provide for fully automated financial fraud) for $1500-2000.
    Source: https://www.net-security.org/malware_news.php?id=2163

    - http://news.cnet.com/8301-1009_3-574...-to-the-cloud/
    June 30, 2012

    Last edited by AplusWebMaster; 2012-07-02 at 14:49.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules