Security researchers from Symantec warn of a novel banking trojan capable of hijacking the SSL connections betwixt browsers as well as online banking sites inwards a agency that is difficult to spot.
Variants of this malware, which Symantec detects every bit Trojan.Tatanarg, convey been inwards circulation since final October, only its code is believed to live on based on an older threat called W32.Spamuzle.
The trojan has a modular architecture, amongst split components treatment dissimilar tasks, as well as the functionality of most banking malware.
It tin move inject rogue HTML code into pages (man-in-the-browser attacks), disrupt antivirus software, uninstall other banking trojans as well as enable Windows remote access.
It every bit good features a backdoor cistron through which attackers tin move effect commands to command the infected computers.
However, the most interesting functionality of this trojan is its mightiness to business office every bit a proxy betwixt browsers as well as SSL-secured websites.
This is achived past times hijacking the legit SSL connectedness as well as establishing a novel i on the browser terminate using a self-signed certificate.
Alerts are blocked as well as exceptions are added automatically inwards the browser making the assail almost transparent to users.
The HTTPS prefix is present, every bit is the padlock indicating a SSL connection. The alone agency for the user to realize he's non using his bank's certificate would live on to manually cheque the issuer.
Tatanarg is i of several banking trojans that appeared since the crackdown on ZeuS-based cyberfraud operations final year. It seems that unhappy amongst the heat, criminal gangs convey begun developing their ain custom malware.
They every bit good crusade to come upward up amongst innovative assail methods. Just final week, Trusteer reported most a trojan dubbed OddJob which forces browsers to continue sessions opened upward subsequently users intend they successfuly logged out.
Users are advised to ever continue their antivirus programs upward to engagement to ensure they convey the latest protection available. Also, if possible, online banking should live on performed from a dedicated estimator or a alive cd.
The trojan has a modular architecture, amongst split components treatment dissimilar tasks, as well as the functionality of most banking malware.
It tin move inject rogue HTML code into pages (man-in-the-browser attacks), disrupt antivirus software, uninstall other banking trojans as well as enable Windows remote access.
It every bit good features a backdoor cistron through which attackers tin move effect commands to command the infected computers.
However, the most interesting functionality of this trojan is its mightiness to business office every bit a proxy betwixt browsers as well as SSL-secured websites.
This is achived past times hijacking the legit SSL connectedness as well as establishing a novel i on the browser terminate using a self-signed certificate.
Alerts are blocked as well as exceptions are added automatically inwards the browser making the assail almost transparent to users.
The HTTPS prefix is present, every bit is the padlock indicating a SSL connection. The alone agency for the user to realize he's non using his bank's certificate would live on to manually cheque the issuer.
Tatanarg is i of several banking trojans that appeared since the crackdown on ZeuS-based cyberfraud operations final year. It seems that unhappy amongst the heat, criminal gangs convey begun developing their ain custom malware.
They every bit good crusade to come upward up amongst innovative assail methods. Just final week, Trusteer reported most a trojan dubbed OddJob which forces browsers to continue sessions opened upward subsequently users intend they successfuly logged out.
Users are advised to ever continue their antivirus programs upward to engagement to ensure they convey the latest protection available. Also, if possible, online banking should live on performed from a dedicated estimator or a alive cd.
Share This :
comment 0 Comments
more_vert