Sister CISA CISSP

Mar 24 2010   12:35PM GMT

Painfully Educational



Posted by: Arian Eigen Heald
Tags: ACH Fraud, Banking Fraud, Data Breaches, information security

I’ve been talking a fair amount about ACH fraud and how it is committed by banking Trojans. At a recent forensic exam I discovered not one, but three banking Trojans on a CFO’s hard disk.

Want to know (I know you don’t, not really… but) exactly how they work?

Here’s a down-to-the-code analysis from TraverseCode.com that explains the inner workings, but the really educational one comes from a blog written by a Czech (my apologies to the man, but I can’t pronounce his name nor read the language on his Facebook page) that describes how and where the Trojan is “sold,” the different models “sold,” and how much each model costs to buy from the author of the code.

He has done an impressive amount of research about this code, as well as about the thriving market for this type of code. He discusses how the code “calls home” to get more information, or downloads client software so that the hacker can actually access, unseen, the user’s computer and see what he/she is typing, what pictures, and even the key generator number.

He suggests, and I can’t recommend it strongly enough, that people use a segregated computer for financial activities. VMware is going to have quite a sale in workstation licenses, really soon, if not NOW.

It’s going on my computer when I get home.
