OddJob Trojan spotted hijacking banking sessions

Powered by SC Magazine

Drive-by malware still under development.

A financial Trojan able to hijack online banking sessions has been spotted.

Trusteer named the new piece of malware OddJob, noting how it could keep banking sessions going even after customers believed they had logged off.

OddJob was used to log requests, grab full pages, terminate connections and inject data into web pages, with all activity relayed to a command and control server.

The malware was able to get hold of session ID tokens, which were used by banks to identify legitimate users, giving cyber criminals the cover they needed.

According to Trusteer, the most significant difference between OddJob and standard pieces of malicious software is that the former only requires the hacker to ride on an existing session, rather than logging into specific online banking computers.

The hackers, based in Eastern Europe, hit financial institutions in the US, Poland and Denmark.

However, the malware could easily be used to acquire funds from any country, explained Amit Klein, Trusteer's chief technology officer, who described OddJob as “fairly exceptional.”

“We definitely expect it to spread across Europe, into the UK etc,” he said.

Klein said the most impressive aspect of OddJob was its speed of evolution, telling IT PRO it will definitely improve as time goes on.

“The malware is still under development. [In the future] we don’t expect to see what we see right now,” Klein added.

OddJob has been seen spreading via drive-by downloads, where users head to a booby-trapped website and have malware installed on their systems without any knowledge of it.

Klein said Trusteer had been unable to report on OddJob until now due to ongoing investigations, although these have now come to a close.

The most well-known financial Trojan in the security industry is Zeus. British Foreign Secretary William Hague recently admitted the UK Government had been targeted by the notorious malware.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing

OddJob Trojan spotted hijacking banking sessions
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.