Jericho botnet hits financial web sites

Powered by SC Magazine
 

Targets passwords and login credentials used at 100 financial institutions.

A new botnet has been detected that steals passwords and login credentials and has targeted more than 100 financial and banking domains.

The Jericho botnet was a variant of banking trojans like Jorik, according to Palo Alto Networks which discovered 42 samples of the malware.

Each unique but related botnet sample was delivered from Israeli IP space, but the engineering of the file appears to be of Romanian origin. The majority of URLs used to deliver the malware ended in ierihon.com (Ierihon means “Jericho” in Romanian).

The malware was  designed to avoid traditional signature-based anti-virus detection and could inject itself into the Windows logon to maintain persistence on the infected host after a reboot.

"What was a bit more interesting was just how efficient the malware was at injecting itself into valid applications such as Firefox, Chrome, Java, Outlook and Skype, and then repurpose their capabilities," the company said. "This not only enables the malware to hide within approved applications during run time, but it also means that standard methods for observing Windows API calls are subverted.”

The top anti-virus solutions detected 3.2 per cent of the 42 samples analysed, a number that increased to 39 per cent over a week.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Jericho botnet hits financial web sites
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 338

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 143

Vote