Re: New Trojan re-writes online bank statements to cover fraud

[Paul Ferguson <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Sep 30, 2009 at 10:49 AM, RandallM <randallm () fidmail com> wrote:

> On Wed, Sep 30, 2009 at 8:33 AM,  <funsec-request () linuxbox org> wrote:

> > "New malware being used by cybercrooks does more than let hackers loot
> > a bank account; it hides evidence of a victim?s dwindling balance by
> > rewriting online bank statements on the fly, according to a new report.
> >
> > The sophisticated hack uses a Trojan horse program installed on the
> > victim?s machine that alters html coding before it?s displayed in the
> > user?s browser, to either erase evidence of a money transfer
> > transaction entirely from a bank statement, or alter the amount of
> > money transfers and balances." --clip--
> >
> > More at
> > http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/
> >
> > It appears that this is something totally new...
> >
> > Juha-Matti
>
> Could this also turn in to a new form of "Redirect", that is, alter
> the incoming pages to set up to links?

Actually, this is what is known as the "URLzone" or "Bebloh" Trojan...

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFKw7Zfq1pz9mNUZTMRAhNcAKCby429ibISb+Cra3+g6TD4sxjegQCeN26s
RX1H5wusngkjKZSt+0knZB0=
=e9f8
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.