The convenience of online banking is unquestionable, but it can sometimes leave users' bank accounts exposed to cyber thieves. One recently discovered Trojan that has been called OddJob is a perfect example of the risks associated with online banking. The Trojan grants access to funds in compromised bank accounts after users believe they have logged off. This form of robbery without a gun is made even worse by the fact that victims do not know it is occurring until the damage has already been done.
Amit Klein, Trusteer's chief technology officer, described the OddJob Trojan in further detail in a blog post. Although Trusteer detected the OddJob Trojan a few months ago, the company could not officially announce its presence due to investigations being conducted into the matter by law enforcement. The announcement was recently given the green light after the investigations were completed.
The actual banks targeted by OddJob were not publicly released, but Trusteer did alert the financial institutions directly to make them aware of the situation. The Trojan has been linked to cybercriminals in Eastern Europe who have been targeting victims in the United States, Denmark, and Poland. According to Klein, OddJob has been continuously tweaked by its creators over time, and its refining process is ongoing.
OddJob works by intercepting communication between customers and their banks during sessions in Firefox or Internet Explorer. After the communication is intercepted, the Trojan proceeds to steal or inject information into the session. Once finished, it terminates the user session. Besides its ability to steal or inject data and terminate sessions, OddJob can also be used to grab full pages and log GET and POST requests. Any logged requests and grabbed pages are sent in real time to the command and control server. This allows the hackers to hijack the banking sessions in real time without the user's knowledge. The Trojan uses the session ID token as a cover to impersonate the customer, which gives the hackers free rein over the account to do as they wish.
There are a couple of traits that make OddJob stand out from other malware. The first is that it allows hackers to simply jump on existing authenticated sessions without the need to log in to the online accounts. This allows them to slip through the virtual cracks quietly. OddJob's second unique trait is that the Trojan can bypass a logout request from a user who wishes to terminate a banking session. Bypassing the logout request means that the user's account is still exposed even though they believe they have logged out.
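On the bank's side, a session token that is replayed from a second client shows up in the web access log. The following is an added example, not code from the article or from Trusteer: it flags session IDs used by more than one client and reports whether a logout ever reached the server. The log format, the `/logout` path and all sample values are constructed assumptions, as is the premise that the token is reused from a different machine than the customer's.

```python
import re
from collections import defaultdict

# Constructed sample access log (not from the original article). Assumed format:
# ISO timestamp, client IP, session ID, method, path, quoted user agent.
SAMPLE_LOG = """\
2011-02-22T10:00:05 198.51.100.7 sess-a1 POST /login "Firefox/3.6"
2011-02-22T10:01:10 198.51.100.7 sess-a1 GET /accounts "Firefox/3.6"
2011-02-22T10:01:40 203.0.113.50 sess-a1 GET /accounts "MSIE 8.0"
2011-02-22T10:02:15 203.0.113.50 sess-a1 POST /transfer "MSIE 8.0"
2011-02-22T10:03:00 192.0.2.44 sess-b2 POST /login "MSIE 8.0"
2011-02-22T10:04:30 192.0.2.44 sess-b2 GET /accounts "MSIE 8.0"
2011-02-22T10:05:00 192.0.2.44 sess-b2 POST /logout "MSIE 8.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def find_shared_sessions(log_text, logout_path="/logout"):
    """Return sessions whose ID was presented by more than one (IP, user agent)."""
    fingerprints = defaultdict(list)  # session ID -> distinct clients, in order seen
    logout_seen = defaultdict(bool)   # session ID -> did a logout reach the server?
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, ip, sid, _method, path, ua = m.groups()
        client = (ip, ua)
        if client not in fingerprints[sid]:
            fingerprints[sid].append(client)
        if path == logout_path:
            logout_seen[sid] = True
    return {
        sid: {"clients": clients, "logout_seen": logout_seen[sid]}
        for sid, clients in fingerprints.items()
        if len(clients) > 1
    }


if __name__ == "__main__":
    for sid, info in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, info)
```

A customer whose IP address changes mid-session (for example on a mobile network) will also be flagged, so treat a hit as a trigger for re-authentication or review rather than as proof of compromise.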
There are a few measures that can be taken to protect yourself from malware like the OddJob Trojan. Do not click on any links that appear in suspicious email messages. Make sure that you are running solid antivirus software, and do not forget to update it regularly. For even further protection, use secure web access software to protect your online banking sessions. The use of secure web access software, such as Trusteer's Rapport, can add an extra layer of security against online thieves.
For more on this topic, visit http://www.trusteer.com/blog/new-financial-trojan-keeps-online-banking-sessions-open-after-users-%E2%80%9Clogout%E2%80%9D.