OddJob Trojan spotted hijacking banking sessions

Powered by SC Magazine

Drive-by malware still under development.

A financial Trojan able to hijack online banking sessions has been spotted.

Trusteer named the new piece of malware OddJob, noting how it could keep banking sessions going even after customers believed they had logged off.

OddJob was used to log requests, grab full pages, terminate connections and inject data into web pages, with all activity relayed to a command and control server.

The malware was able to get hold of session ID tokens, which were used by banks to identify legitimate users, giving cyber criminals the cover they needed.

According to Trusteer, the most significant difference between OddJob and standard pieces of malicious software is that the former only requires the hacker to ride on an existing session, rather than logging into specific online banking computers.

The hackers, based in Eastern Europe, hit financial institutions in the US, Poland and Denmark.

However, the malware could easily be used to acquire funds from any country, explained Amit Klein, Trusteer's chief technology officer, who described OddJob as “fairly exceptional.”

“We definitely expect it to spread across Europe, into the UK etc,” he said.

Klein said the most impressive aspect of OddJob was its speed of evolution, telling IT PRO it will definitely improve as time goes on.

“The malware is still under development. [In the future] we don’t expect to see what we see right now,” Klein added.

OddJob has been seen spreading via drive-by downloads, where users head to a booby-trapped website and have malware installed on their systems without any knowledge of it.

Klein said Trusteer had been unable to report on OddJob until now due to ongoing investigations, although these have now come to a close.

The most well-known financial Trojan in the security industry is Zeus. British Foreign Secretary William Hague recently admitted the UK Government had been targeted by the notorious malware.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing

OddJob Trojan spotted hijacking banking sessions
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx