OddJob Trojan spotted hijacking banking sessions

Powered by SC Magazine
 

Drive-by malware still under development.

A financial Trojan able to hijack online banking sessions has been spotted.

Trusteer named the new piece of malware OddJob, noting how it could keep banking sessions going even after customers believed they had logged off.

OddJob was used to log requests, grab full pages, terminate connections and inject data into web pages, with all activity relayed to a command and control server.

The malware was able to get hold of session ID tokens, which were used by banks to identify legitimate users, giving cyber criminals the cover they needed.

According to Trusteer, the most significant difference between OddJob and standard pieces of malicious software is that the former only requires the hacker to ride on an existing session, rather than logging into specific online banking computers.

The hackers, based in Eastern Europe, hit financial institutions in the US, Poland and Denmark.

However, the malware could easily be used to acquire funds from any country, explained Amit Klein, Trusteer's chief technology officer, who described OddJob as “fairly exceptional.”

“We definitely expect it to spread across Europe, into the UK etc,” he said.

Klein said the most impressive aspect of OddJob was its speed of evolution, telling IT PRO it will definitely improve as time goes on.

“The malware is still under development. [In the future] we don’t expect to see what we see right now,” Klein added.

OddJob has been seen spreading via drive-by downloads, where users head to a booby-trapped website and have malware installed on their systems without any knowledge of it.

Klein said Trusteer had been unable to report on OddJob until now due to ongoing investigations, although these have now come to a close.

The most well-known financial Trojan in the security industry is Zeus. British Foreign Secretary William Hague recently admitted the UK Government had been targeted by the notorious malware.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


OddJob Trojan spotted hijacking banking sessions
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 823

Vote