Financial Malware Hijacks Online Banking Sessions

Orome1 writes "A new type of financial malware has the ability to hijack customers' online banking sessions in real time using their session ID tokens. The OddJob Trojan keeps sessions open after customers think they have 'logged off,' enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users' digital — and online monetary — assets."
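The summary describes a trojan that keeps a banking session alive after the customer believes they have logged off. The server-side property that decides whether that works is whether "logout" actually revokes the session ID token or only clears the browser's cookie. The following added example (not code from the Slashdot submission or from Trusteer's write-up; the class names, timeout and the "alice"/"bob" values are constructed for illustration) contrasts the two logout patterns in a small in-memory session store and also shows idle-timeout expiry, the second control a bank would pair with revocation.

```python
"""Added example, not part of the Slashdot post or Trusteer's write-up.

A session ID token that is still honoured by the server after the user
'logs off' can be used by anyone holding a copy of it.  This shows why
logout must revoke the token server-side and why idle sessions should
expire.  All names, values and the 300 s timeout are illustrative assumptions.
"""
import secrets
import time


class SessionStore:
    """Server-side record of live session tokens (assumed simplified design)."""

    def __init__(self, idle_timeout=300, clock=time.time):
        self._sessions = {}          # token -> {"user": ..., "last_seen": ...}
        self.idle_timeout = idle_timeout
        self._clock = clock          # injectable clock so the demo is deterministic

    def login(self, user):
        token = secrets.token_urlsafe(32)   # unguessable token, never derived from user data
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def resolve(self, token):
        """Return the user a token maps to, or None if unknown, revoked or idle too long."""
        rec = self._sessions.get(token)
        if rec is None:
            return None
        now = self._clock()
        if now - rec["last_seen"] > self.idle_timeout:
            del self._sessions[token]       # idle expiry: drop the record
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout(self, token):
        """Revoke the token server-side; any other copy of it is now worthless."""
        self._sessions.pop(token, None)


class Browser:
    """Stand-in for a client holding the session cookie."""

    def __init__(self):
        self.cookie = None


def client_only_logout(browser):
    # Weak pattern: the page forgets the cookie but the server is never told.
    browser.cookie = None


def server_side_logout(browser, store):
    # Correct pattern: revoke on the server first, then forget the cookie.
    store.logout(browser.cookie)
    browser.cookie = None


def demo(weak):
    """Log in, keep a second copy of the token (standing in for one captured on a
    compromised endpoint), log out, then ask the server whom that copy resolves to."""
    clock = [1000.0]
    store = SessionStore(idle_timeout=300, clock=lambda: clock[0])
    browser = Browser()
    browser.cookie = store.login("alice")          # constructed user
    second_copy = browser.cookie
    if weak:
        client_only_logout(browser)
    else:
        server_side_logout(browser, store)
    return store.resolve(second_copy)              # "alice" if weak, None if revoked


def idle_expiry_demo():
    """A token that is valid but unused beyond the idle timeout stops resolving."""
    clock = [1000.0]
    store = SessionStore(idle_timeout=300, clock=lambda: clock[0])
    token = store.login("bob")                     # constructed user
    clock[0] += 301                                # advance past the timeout
    return store.resolve(token)                    # None


if __name__ == "__main__":
    print("client-only logout still resolves to:", demo(weak=True))
    print("server-side logout resolves to:", demo(weak=False))
    print("idle token resolves to:", idle_expiry_demo())
```

The point for a defender reviewing a banking front end is the `logout` path: if it only runs JavaScript or clears a cookie, the server-side record the trojan is riding on stays valid until the idle timeout, which is exactly the window the summary describes.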

  • Real Issue or Ad? (Score:5, Informative)

    by jasnw ( 1913892 ) on Tuesday February 22, 2011 @11:38AM (#35279688)

    From the source site (the blog at http://www.trusteer.com/ [trusteer.com]):

    "The good news is that Trusteer's Rapport secure web access software- which is now in use by millions of online banking customers - can prevent OddJob from executing."

    Now, I don't know Trusteer's rep, but when I see a story like this that originates from what appears to be a source that's in the business of selling security software, I want a second opinion from another source. A quick "google" for OddJob finds stories that all seem to tie back to Trusteer's blog entry. This story also doesn't say much about platform sensitivity. Is this an issue on any OS platform that uses Firefox, for example?

  • Not good (Score:5, Informative)

    by sakdoctor ( 1087155 ) on Tuesday February 22, 2011 @11:46AM (#35279798) Homepage

    http://www.computing.net/answers/security/rapport-security-software-avoid-using-it/28295.html [computing.net]

    This product is to be avoided at all costs... if anyone is still having problems, I have managed to switch it off and uninstall it, although the Rapport/Trusteer team clearly did not want to help, and many believe it's not intended to be uninstalled.

  • by Frankiezzz ( 2001558 ) on Tuesday February 22, 2011 @12:10PM (#35280086)

    If you use a live CD, then you're not booting to your [presumably] Windows hard drive, so you are therefore avoiding any malware/trojan/virus therein. There are no cookies or session IDs or anything else saved from a live CD. All it takes is a reboot to a live CD, do your online banking, remove the CD, reboot to windoze. http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html [washingtonpost.com]

  • by Anonymous Coward on Tuesday February 22, 2011 @01:35PM (#35281104)

    You didn't read further...

    The most severe unpatched Secunia advisory affecting Linux Kernel 2.6.x, with all vendor patches applied, is rated Less critical

    The most severe unpatched Secunia advisory affecting Microsoft Windows 7, with all vendor patches applied, is rated Highly critical

    Don't even get me started on Microsoft applying patches on patches without reporting it to users.

    Here's where you are wrong: by Microsoft's own admission, the Windows 7 kernel is the same as the Windows Vista kernel, only adding new features. That means all of Vista's problems are 7's problems. You were comparing it to the entire 2.6.x series kernel, right? In reality you should really only be comparing kernel 2.6.27 and newer, as all older versions have reached end of life.

    So even counting the end-of-life versions of the kernel we have 2.6.x: unpatched 5% (13 of 249 Secunia advisories) = 13 unpatched,
    and Vista 7% (9 of 138 Secunia advisories) + 7 (same kernel) 11% (6 of 57 Secunia advisories) = 9+6 = 15 unpatched.

    So the kernel found in both Vista and 7 has 2 more unpatched advisories, and some of them are rated highly critical; none in the Linux kernel are. How many super secret Microsoft patches never caught prior to patching and/or acknowledged? Who knows. You fail.

  • Re:Why? (Score:4, Informative)

    by Athanasius ( 306480 ) <slashdot.miggy@org> on Tuesday February 22, 2011 @01:51PM (#35281332) Homepage

    This is why, although my bank has a security token thing (it's actually a small Chip & PIN terminal requiring you to have the card and know the PIN), it only ever requires this be used when you set up a new payee and the first time you send money to that payee. So, outside of a bank customer setting up a new payee anyway and the returned codes being intercepted to set up a different payee quickly enough, the best a trojan can do is see your account statements, transfer money between your own accounts and pay money to people you already expect to pay. Yes, this means they can fuck with you, but they can't usefully (to them) steal your money.

    Oh, and now I think about it, they couldn't usefully do the MITM either, as the input is partially based on the receiving account number or somesuch. So unless the bad guys have an account that matches sufficiently closely, the authorisation codes are going to be useless to them.

    They have big fat warnings up about how the thing will never be asked for simply for logging in (not that I expect that would stop some stupid people falling for a MITM attack).
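The property the comment above relies on is that the reader's code is bound to the destination account (and, in real CAP deployments, the amount), so a code obtained for one payee verifies for no other, and a bank-issued challenge makes each code single-use. The added example below is not the commenter's bank's scheme and not EMV CAP itself (which derives the code from a chip cryptogram); it uses an HMAC as a simplified stand-in, and the card key, account numbers, amount and class names are constructed values, so the binding and single-use behaviour can be seen working end to end.

```python
"""Added example, not the commenter's bank's actual scheme.

Illustrates a transaction authorisation code bound to the receiving account,
the amount and a single-use bank challenge.  Real Chip & PIN readers (EMV CAP)
derive the code from an EMV cryptogram; the HMAC here is a simplified stand-in.
Key, account numbers and amount are constructed values.
"""
import hashlib
import hmac
import secrets

# Constructed: a secret the card and the bank share (in EMV it lives in the chip).
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def transaction_code(card_key: bytes, payee_account: str, amount_pence: int, challenge: str) -> str:
    """What the reader would display: an 8-digit code over payee, amount and challenge."""
    message = f"{payee_account}|{amount_pence}|{challenge}".encode()
    digest = hmac.new(card_key, message, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class Bank:
    """Server side: issues single-use challenges and checks the code against the
    payee and amount the customer actually submitted (assumed simplified design)."""

    def __init__(self, card_key: bytes):
        self._card_key = card_key
        self._open_challenges = set()

    def issue_challenge(self) -> str:
        challenge = secrets.token_hex(4)
        self._open_challenges.add(challenge)
        return challenge

    def authorise_payment(self, payee_account: str, amount_pence: int, challenge: str, code: str) -> bool:
        if challenge not in self._open_challenges:
            return False                             # unknown or already-used challenge
        self._open_challenges.discard(challenge)     # single use: a second presentation fails
        expected = transaction_code(self._card_key, payee_account, amount_pence, challenge)
        return hmac.compare_digest(expected, code)   # constant-time comparison


def scenario():
    """Returns (legitimate_ok, substituted_payee_ok, replay_ok)."""
    bank = Bank(CARD_KEY)
    payee, amount = "12345678", 5000   # constructed: intended payee, 50.00 in pence

    # 1. Reader signs exactly the payee and amount shown on its own display.
    ch1 = bank.issue_challenge()
    code1 = transaction_code(CARD_KEY, payee, amount, ch1)
    legitimate_ok = bank.authorise_payment(payee, amount, ch1, code1)

    # 2. The same kind of code, but the submitted destination differs from the
    #    one it was computed over: the binding to the account number fails it.
    ch2 = bank.issue_challenge()
    code2 = transaction_code(CARD_KEY, payee, amount, ch2)
    substituted_ok = bank.authorise_payment("99999999", amount, ch2, code2)

    # 3. A correct code presented twice: the challenge was consumed the first time.
    ch3 = bank.issue_challenge()
    code3 = transaction_code(CARD_KEY, payee, amount, ch3)
    bank.authorise_payment(payee, amount, ch3, code3)
    replay_ok = bank.authorise_payment(payee, amount, ch3, code3)

    return legitimate_ok, substituted_ok, replay_ok


if __name__ == "__main__":
    print("legitimate, substituted payee, replay:", scenario())
```

The design choice worth noting is that the bank verifies against the payee and amount in the request it received, not against anything the client claims it signed; that is what makes a code computed for one account useless for another, which is the protection the comment describes.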
