Wednesday, September 30, 2009

A New way to steal money with a Trojan

Until now, Trojans were known for harming computers by corrupting system files and the like. Now they have moved on to stealing money online. Here's a report on the new kind of virus and its activities. The world is really going somewhere.

Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn't just steal your bank login credentials but actually steals money from your account while you are logged in and displays a fake balance.

The bank Trojan, dubbed URLzone, has features designed to thwart fraud detection systems which are triggered by unusual transactions, Yuval Ben-Itzhak, chief technology officer at Finjan, said in an interview on Tuesday. For instance, the software is programmed to calculate on-the-fly how much money to steal from an account based on how much money is available.

The specific Trojan Finjan researchers analyzed targets customers of unnamed German banks. It was linked back to a command-and-control server in Ukraine that was used to send instructions to the Trojan software sitting on infected PCs. Finjan has notified German law enforcement authorities, Ben-Itzhak said.

"It's a next generation bank trojan," he said. "This is part of a new trend of more sophisticated Trojans designed to evade antifraud systems."

Finjan researchers were able to trace the communications from the code on an infected machine back to the command-and-control server, which was left unsecured, according to Ben-Itzhak. On that server, they saw the LuckySploit administration console and were able to see exactly what types of rules the Trojan was written to follow and statistics on victims.

About 90,000 computers visited the sites housing the malware and 6,400 of them were infected, a 7.5 percent success rate, he said. Of those whose computers had the Trojan installed, a few hundred had money stolen from their bank accounts, he added.

During the span of 22 days in mid-August, the criminals behind the Trojan stole the euro equivalent of nearly $438,000, according to the security company.

Here's how the trojan works:

Potential victims get their computers infected either by opening an e-mail and clicking on a link to a Web site created to distribute malware or by visiting a site that has been compromised and malware hidden on it.

In this case the malware, a toolkit called LuckySploit, exploits a known security hole in the browser, affecting the major browsers, and installs the Trojan on the computer. When the Trojan notices the computer user visiting the site of a targeted bank, it springs into action.

While the computer user goes about his or her business on the site, the Trojan looks at the available balance and figures out how much money to steal. The Trojan is given a minimum and a maximum range that is below the amount that triggers antifraud systems and is set to leave a certain percentage in the account, Ben-Itzhak said.

After performing the calculation, the Trojan then makes the transaction, communicating with the bank site through the browser without the computer user knowing.

"The Trojan is sending requests to the bank and getting replies that your browser doesn't display," Ben-Itzhak said. "You are looking at your account and you don't see any of it."

The Trojan has the money sent to the bank account of a money mule, someone who has an account set up to receive the funds. Money mules are typically people recruited online as "independent contractors" or "financial managers" whose sole purpose is to wire the money placed into their account to someone else, typically out of the country, in exchange for a commission. Because their accounts are used only once or twice, they often do not realize the ruse immediately, Ben-Itzhak said.

Meanwhile, the Trojan hides the theft by erasing it from the report of account activity displayed to the computer user and shows a fake balance--what the amount would be if not for the theft. The victim will not notice something is wrong until a different, uncompromised computer is used to access the account, an ATM is used, or a transaction is denied because of insufficient funds.

The Trojan also keeps a log of the victim's bank account login credentials, takes screenshots, and snoops on the user's other Web accounts, such as PayPal, Facebook, and Gmail, according to the Finjan report.

This is the first Trojan Finjan has come across that hijacks a victim's browser session, steals the money while the victim is doing online banking, and then covers its tracks by modifying information displayed to the victim, all in real time.
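The article says the Trojan keeps each transfer below the amount that triggers antifraud systems and sends it to a mule account. The bank-side check below is an added example, not part of the Finjan report: it shows why a fixed amount limit misses such a transfer while a rule that combines several weak signals holds it. All limits, account names and transactions are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed values for illustration; the article does not give any bank's real limits.
STATIC_LIMIT = 5000.00   # classic rule: alert only at or above this amount
NEAR_LIMIT_BAND = 0.80   # "just under the limit" means at least 80% of STATIC_LIMIT
DRAIN_SHARE = 0.50       # transfer moves at least half of the available balance

@dataclass
class Transfer:
    account: str
    payee: str
    amount: float
    balance_before: float

def static_rule(t: Transfer) -> bool:
    """The kind of fixed-amount trigger the article says the Trojan stays below."""
    return t.amount >= STATIC_LIMIT

def contextual_reasons(t: Transfer, known_payees: dict[str, set[str]]) -> list[str]:
    """Collect weak signals about a transfer instead of testing one amount."""
    reasons = []
    if t.payee not in known_payees.get(t.account, set()):
        reasons.append("first transfer to this payee")
    if STATIC_LIMIT * NEAR_LIMIT_BAND <= t.amount < STATIC_LIMIT:
        reasons.append("amount just under static limit")
    if t.balance_before > 0 and t.amount / t.balance_before >= DRAIN_SHARE:
        reasons.append("moves large share of balance")
    return reasons

def review(transfers, known_payees, min_reasons=2):
    """Return (transfer, reasons) pairs the static rule misses but context flags."""
    held = []
    for t in transfers:
        reasons = contextual_reasons(t, known_payees)
        if not static_rule(t) and len(reasons) >= min_reasons:
            held.append((t, reasons))
    return held

# Constructed sample data, not taken from the Finjan report.
KNOWN = {"DE-001": {"landlord", "utility"}, "DE-002": {"insurer"}}
SAMPLE = [
    Transfer("DE-001", "landlord", 900.00, 7200.00),       # routine payment
    Transfer("DE-001", "mule-a", 4300.00, 7200.00),        # new payee, under limit
    Transfer("DE-002", "insurer", 4100.00, 30000.00),      # known payee, near limit only
    Transfer("DE-002", "car-dealer", 12000.00, 30000.00),  # static rule already fires
]

if __name__ == "__main__":
    for t, reasons in review(SAMPLE, KNOWN):
        print(t.account, t.payee, t.amount, reasons)
```

Because the victim's browser shows a falsified balance, a hold like this has to be confirmed with the customer over a channel the infected PC does not control.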

Tuesday, September 29, 2009

India News Consumer Electronics Dell Launches Ultra Slim Notebook - Latitude Z


An Interesting iPhone App

The iPhone App for the IT Staff

It’s been coming. iPhone apps started with the average consumer, then spread to small businesses, now they’ve hit the corporate level. Several apps are now aimed directly at the people who run computer networks for companies. On top of that, new businesses are springing up to make money from installing and supporting the apps on other companies’ devices…

PocketCloud, an iPhone app from Wyse Technology, a San Jose-based computer company, is one of several in the App Store that are more for IT people than average consumers. Simply, it lets employees access their Windows desktops from an iPhone.

Forgot to run a report, send an email, or back up the hard drive? Run PocketCloud and the phone's screen looks and functions just like the computer at work. If typing is needed, it brings up the iPhone's keyboard. A lot of effort was put into the software's interface so that you can see the cursor next to your finger, read the help bubbles that pop up next to links, right-click, and view it in widescreen.

Most iPhone apps average around $1 or so. PocketCloud is $29.95. Still, it's been downloaded some 10,000 times since it was released a month ago. Jeff McNaught, Wyse's Chief Marketing and Strategy Officer, says that's because actual IT folks are snatching it up. They don't mind paying because it's the first time they've had this kind of mobility and it's worth the money, he says. The reviews on iTunes are effusive.

(One reason Wyse charged $29.95 was to keep people from picking it up cheaply to experiment, failing to figure out its proper use, and ending up posting a negative review of the software on iTunes.)

So how can it save companies money? Imagine an e-commerce company that makes a million dollars a minute has a server acting up after hours that needs to be rebooted... You can see the need for immediacy.

Security is on the company's computer, not the phone, so no one can hack through the iPhone if it gets lost or stolen. Anyway, the newer iPhones have encryption and a "remote wipe" feature that lets owners erase the phone from any computer.

If a company wants something like PocketCloud and lacks the knowledge or bravery to deploy it, it could turn to an outfit like Enterprise Mobile. The Watertown, Mass.-based company has made a business out of installing mobile apps for businesses, integrating them with the old software, and making sure all the kinks get worked out.