Thursday, July 01, 2004

Pop-up program reads keystrokes, steals passwords - News - ZDNet

"A malicious program that installs itself through a pop-up can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites, security researchers warned on Tuesday.

The targeted sites include major financial institutions, such as Citibank, Barclays Bank and Deutsche Bank, researcher Marcus Sachs said Tuesday.

'If (the program) recognizes that you are on one of those sites, it does keystroke logging,' said Sachs, director of the Internet Storm Center, a site that monitors network threats. Even though all financial sites use encryption built into the browser to protect log-in data, the Trojan horse program can capture the information before it gets encrypted by the browser software. 'The browser does not encrypt data between your keyboard and computer. It's encrypting it (when it goes) out onto the Web.' "

Sachs said the Trojan horse was first discovered on the computer of "an employee at a major dot-com." The victim apparently picked up the program from a malicious pop-up ad that used a flaw in Internet Explorer's helper server to install itself on the user's PC. In this case, because of the computer's security settings, the installation failed. Microsoft said IE users should raise the security settings to high until the company issues a patch.

Two other IE flaws, which Microsoft has yet to fix, were used recently in two other hacking schemes, one last week that turned some Web sites into points of digital infection, and another, earlier in the month, that installed a toolbar on victims' computers that triggered pop-ups. This most recent Trojan horse differs from the attack software used in last week's Web site compromises but could be paired with that technique to spread spyware.

Researchers at the Internet Storm Center studied the Trojan horse file, called "img1big.gif," which was provided by the dot-com. Working through the weekend, the security experts reverse-engineered the program and discovered that it targeted a long list of banks and attempted to steal the account information of those institutions' customers.

The program points to a recent trend in computer viruses and remote-access Trojan horse, or RAT, programs: Attackers are increasingly after money.

http://zdnet.com.com/2100-1105_2-5251981.html
