Pop-Up Program Snatches Banking Passwords
Customers who use a number of the top online banking sites are at risk of falling prey to a new Web-based attack that snatches user IDs and passwords for these sites. Among the sites targeted by the attack are some owned by Citibank, Deutsche Bank and Barclays Bank. The attack is rather complex and appears to use a known flaw in Internet Explorer (IE) to drop a Trojan horse program on vulnerable machines. The Trojan is delivered through a malicious pop-up ad that loads a file called "img1big.gif" onto the machine. The file is in fact a compressed Win32 executable that contains the Trojan and a DLL.
The DLL is installed on the PC as a BHO (Browser Helper Object), a type of DLL that normally is used to let developers control IE in certain circumstances. When IE runs on a machine infected with the malicious BHO, the file monitors IE's activities for any HTTPS sessions with URLs that have any of a large number of banking-related strings in them.
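
Because a BHO has to be registered before IE will load it, the registry shows which helper DLLs are present on a machine. The PowerShell audit below is an added example, not part of the original article; it assumes the standard machine-wide BHO registration keys and PowerShell 4 or later, and lists each registered BHO with its DLL path, signature status and hash.

```powershell
# Added example: inventory the Browser Helper Objects (BHOs) registered for IE.
# Assumption: BHOs are registered under the standard machine-wide keys below.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoInventory {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # 32-bit BHOs resolve their CLSID in the WOW6432Node view of the class registry.
        $is32 = $root -like '*WOW6432Node*'
        $clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
        if ($is32) { $clsidRoot = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }

        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $inproc = '{0}\{1}\InprocServer32' -f $clsidRoot, $clsid
            $dll = ''
            if (Test-Path -LiteralPath $inproc) {
                # The default value of InprocServer32 is the DLL that IE loads.
                $dll = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
            }
            $onDisk = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
            $sig  = if ($onDisk) { Get-AuthenticodeSignature -FilePath $dll }
            $hash = if ($onDisk) { (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash }

            [pscustomobject]@{
                Clsid     = $clsid
                View      = if ($is32) { '32-bit' } else { 'native' }
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = if ($sig) { [string]$sig.Status } else { 'n/a' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                Sha256    = $hash
            }
        }
    }
}

$all = Get-BhoInventory
$all | Format-Table Clsid, View, Signature, Dll -AutoSize

# Entries that deserve a closer look: DLL missing from disk, unsigned, or signature not valid.
$all | Where-Object { -not $_.OnDisk -or $_.Signature -ne 'Valid' } | Format-List
```

An unsigned entry is not proof of compromise, since many legitimate add-ons of the period shipped unsigned; the value is in comparing the list against a known-good baseline for the machine.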









