E-banking: New Threat Impacting E-banking Websites
- The California-based M86 Security Labs has identified a Trojan horse named Cridex, which spreads through spam campaigns and has already targeted 137 financial institutions worldwide.
- The attacks, seemingly from the same source as those that have affected WordPress in recent weeks, first rely on spam e-mails carrying malicious links to webpages infected with a programme named Phoenix. Once installed, this programme downloads a virus without the user being aware of it. The workstation is then enrolled in a botnet which already includes over 25,000 PCs.
- Once this process is complete, the attackers have access to the user’s browsing history and may capture screenshots in real time. According to M86, Cridex already holds data on 137 banks: the structure of their webpages, detection of the entries keyed into input fields, and possible creation of forms to be filled in by the customers/victims. In addition, the research lab explains that only a few antivirus programmes (10 out of the 43 products tested) have been able to detect this threat (also known as Carberp or Dapato).
- These disclosures show that spam campaigns are still used to spread threats. They also underline the complexity of the malicious programmes circulating on the Web. Furthermore, according to the Californian lab, the Trojan horse is for now detected by only a limited number of antivirus products, which speeds up its spread.
- Once again the most widely used system is targeted, illustrating the importance of having up-to-date antivirus software installed and of raising customer awareness. This threat relies mainly on spam to spread: enabling users to tell suspicious e-mails from regular ones may help them avoid this risk.