Web Hosting Security

  Home arrow Web Hosting Security arrow New Trojan Targets Online Banking Sess...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

New Trojan Targets Online Banking Sessions
By: wubayou
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1

    Table of Contents:

    Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article



    The convenience of online banking is unquestionable, but it can sometimes leave users' bank accounts exposed to cyber thieves. One recently discovered Trojan that has been called OddJob is a perfect example of the risks associated with online banking. The Trojan grants access to funds in compromised bank accounts after users believe they have logged off. This form of robbery without a gun is made even worse by the fact that victims do not know it is occurring until the damage has already been done.

    Amit Klein, Trusteer's chief technology officer, described the OddJob Trojan in further detail in a blog post.  Although Trusteer detected the OddJob Trojan a few months ago, the company could not officially announce its presence due to investigations being conducted into the matter by law enforcement. The announcement was recently given the green light after the investigations were completed. 

    The actual banks targeted by OddJob were not publicly released, but Trusteer did alert the financial institutions directly to make them aware of the situation. The Trojan has been linked to cybercriminals in Eastern Europe who have been targeting victims in the United States, Denmark, and Poland. According to Klein, OddJob has been continuously tweaked by its creators over time, and its refining process is ongoing.

    OddJob works by intercepting communication between customers and their banks during sessions in Firefox or Internet Explorer. After the communication is intercepted, the Trojan proceeds to steal or inject information into the session. Once finished, it terminates the user session. Besides its ability to steal or inject data and terminate sessions, OddJob can also be used to grab full pages and log GET and POST requests. Any logged requests and grabbed pages are sent in real time to the command and control server. This allows the hackers to hijack the banking sessions in real time without the user's knowledge.  The Trojan uses the session ID token as a cover to impersonate the customer, which gives the hackers free reign over the account to do as they wish.

    There are a couple of traits that make OddJob stand out from other malware. The first is that it allows hackers to simply jump on existing authenticated sessions without the need to log in to the online accounts. This allows them to slip through the virtual cracks quietly. OddJob's second unique trait is that the Trojan can bypass a logout request from a user who wishes to terminate a banking session.  Bypassing the logout request means that the user's account is still exposed even though they believe they have logged out.

    There are a few measures that can be taken to protect yourself from malware like the OddJob Trojan. Do not click on any links that appear in suspicious email messages. Make sure that you are running solid antivirus software, and do not forget to update it regularly. For even further protection, use secure web access software to protect your online banking sessions. The use of secure web access software, such as Trusteer's Rapport, can add an extra layer of security against online thieves.

    For more on this topic, visit http://www.trusteer.com/blog/new-financial-trojan-keeps-online-banking-sessions-open-after-users-%E2%80%9Clogout%E2%80%9D.

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More Web Hosting Security Articles
    More By wubayou


    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap