1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Finjan warns over new banking Trojan

Discussion in 'Article Discussion' started by CardJoe, 1 Oct 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. The Jambo

    The Jambo Last on the scene

    Joined:
    26 Mar 2008
    Posts:
    79
    Likes Received:
    0
    I've never wanted it to be April 1st while reading an article as much as I do now.
     
  3. l3v1ck

    l3v1ck Fueling the world, one oil well at a time.

    Joined:
    23 Apr 2009
    Posts:
    12,945
    Likes Received:
    17
    Thank heavens for NoScript.
     
  4. cjoyce1980

    cjoyce1980 New Member

    Joined:
    17 Jul 2007
    Posts:
    404
    Likes Received:
    0
    browser and os updates galore again
     
  5. simonw

    simonw New Member

    Joined:
    24 Jun 2009
    Posts:
    146
    Likes Received:
    4
    Scary - good thing I have already moved to Linux for my Internet.
     
  6. pimonserry

    pimonserry sounds like a party.

    Joined:
    20 Dec 2008
    Posts:
    2,113
    Likes Received:
    75
    This one actually sounds nasty: most of them can't really log into the online banking systems AFAIK
     
  7. airchie

    airchie New Member

    Joined:
    22 Mar 2005
    Posts:
    2,136
    Likes Received:
    2
    The scariest thing about this trojan is that it doesn't just sniff your bank login details and then let a user try to log in and pilfer your cash, it lets the user log in and then changes the commands on the fly, in both directions, to allow it to rip you off without you even knowing.

    Worst of all, this will completely defeat multi-factor authentication.
    Scary stuff! :(
     
  8. Shagbag

    Shagbag All glory to the Hypnotoad!

    Joined:
    9 Nov 2006
    Posts:
    320
    Likes Received:
    4
    Looks like they forgot to install Microsoft's latest "Security Essentials". rofl.

    "This security breach has been brought to you by Microsoft Windows."
     
  9. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    Scary stuff indeed but I dispute your claim that it will defeat multifactor auth - my bank supplies a little keypad thing that I have to insert my card into. If I want to make a transfer to a new recipient I have to enter the recipient account number, amount and a challenge code, all of which is then hashed together with some unique data from my card to produce an auth code that has to be typed back onto the site in order to make the transfer. It is a crashing bore, but does make me feel a bit more secure after today's news. This trojan can't possibly calculate the requisite authentication code, so can't make silent transfers. Not only that, the authentication code is recipient dependent, so the trojan can't intercept and divert my legit transfers either (the server wouldn't accept the auth code because I would have typed the intended recipeient's bank a/c number into the keypad, but the trojan would be trying to post to a different a/c and the auth wouldn't match).
     
  10. NuTech

    NuTech New Member

    Joined:
    18 Mar 2002
    Posts:
    2,222
    Likes Received:
    96
    Reading this article, like the replies before me, I know should be worried/paranoid/disguised...but...

    I just can't help but be impressed by all this. Exploiting flaws, siphoning small but significant amounts dynamically, modifying the html code so you see nothing out of the ordinary?

    Assuming this is actually real and not just some deliberate rumour put out by security firms, then wow. Really makes you wonder about the type of person able to code such a sophisticated trojan.
     
  11. War-Rasta

    War-Rasta New Member

    Joined:
    22 May 2002
    Posts:
    398
    Likes Received:
    0
    I agree with NuTech, I'm also impressed by the level of sophistication and the amount of work that was put into this thing. The sad part is that if this person were using his skills for good he or she would be able to achieve great things that are actually useful for everybody.
     
  12. K.I.T.T.

    K.I.T.T. Hasselhoff™ Inside

    Joined:
    1 Jan 2005
    Posts:
    624
    Likes Received:
    1
    *cough* Entrapment *cough* Swordfish *cough*

    I'm going to have to agree again with the two people beofre me, what its doing is devilishly ingenious and to be honest quite cool because to do it all on the fly in such a way and no one at either end is none the wiser is clever, very clever in my opinion and it must have taken some serious work to get it to a ready state.

    At the same time though it is very scary for the not so tech savy and even the tech savy as they'd know nothing about whats going on until its all over.
     
  13. airchie

    airchie New Member

    Joined:
    22 Mar 2005
    Posts:
    2,136
    Likes Received:
    2
    That's really good to hear Mclean.
    Now you mention it, I have a card reader thing I need to use i order to add a new recipient of cash to my online banking.
     
  14. Aracos

    Aracos New Member

    Joined:
    11 Feb 2009
    Posts:
    1,338
    Likes Received:
    47
    I have nothing more to say ^_^
     
Tags: Add Tags

Share This Page