Symantec warns of dangerous new banking Trojan

---

Deepak on 08:40

---

Hey Frenzz,,,
Symantec Corp. announced the threat posed to the banking trojan Trojan.Neloweg. Furthermore it is able to steal user data, including bank details.

 By studying this threat, experts have found that the program can steal the user details, including banking. In the illustration you can see a partial list of pages on the websites of banks, have fallen under threat.

 Trojan.Neloweg works in the same manner as other banking Trojan, Zeus. Both malicious programs determine which site the user is added thereto, and a special JavaScript. But if Zeus uses its configuration file, it stores the data Trojan.Neloweg on a malicious server.

 When you go to a certain page of the bank, Trojan.Neloweg masks the portion of a page in white, using a hidden tag DIV, and runs your code J ******* pt, located on a dedicated server.The most popular browsers used are Firefox and Internet Explorer, which is used by a majority (50%) of users. Not surprisingly, Trojan.Neloweg attacks through them. Interestingly, he also attacks the browsers that use engines Trident (Internet Explorer), Gecko (Firefox), and WebKit (Chrome / Safari). There is not much reason to attack by others, not as common browsers. It is clear that the attackers may want to cover a greater purpose. The second reason is that some people did not specifically use the best-known browsers for online banking to provide additional security. Attacks on these less popular browsers makes it more likely that they used to work with the banking systems.It should be noted that the Trojans not only seeks to steal bank details, but also other user names and passwords. To achieve this, the authors have given the code browser function bots.

 As can be seen in the screenshot, the browser (in this case, Firefox) can now work as a boat and execute commands. He can handle the content page that is, redirect the user to another page, steal passwords, launch an application or even to destroy itself. Unfortunately, the function of several redundant self-destruct, so it deletes critical system files and allows the user to log on.The method of integration into Firefox is also unique. Previously it was possible to observe the threats posed malicious browser add-on. Therefore, users who have disabled plug-ins, can feel safe. But with Trojan.Neloweg such measures are useless. As a component, it does not appear on the toolbar of Firefox extensions, in contrast to other add-ons and plug-ins. Moreover, using the architecture of Firefox, Neloweg re-creates or establishes itself each time you connect to the Internet Firefox...

Filled Under:

Hacknews