Posted by: Arian Eigen Heald
ACH Fraud, Banking Fraud, Data Breaches, information security
I’ve been talking a fair amount about ACH fraud and how it is committed by banking Trojans. At a recent forensic exam I discovered not one, but three banking Trojans on a CFO’s hard disk.
Want to know (I know you don’t, not really… but) exactly how they work?
Here’s a down-to-the-code analysis from TraverseCode.com that explains the inner workings, but the really educational one comes from a blog written by a Czech (my apologies to the man, but I can’t pronounce his name nor read the language on his Facebook page) that describes how and where the Trojan is “sold,” the different models “sold,” and how much each model costs to buy from the author of the code.
He has done an impressive amount of research about this code, as well as how there is a thriving market for this type of code. He discusses how the code “calls home” to get more information, or downloads client software so that the hacker can actually access, unseen, the user’s computer and see what he/she is typing, what pictures, and even the key generator number.
He suggests, and I can’t recommend it strongly enough, that people use a segregated computer for financial activities. VMware is going to have quite a sale in workstation licenses, really soon, if not NOW.
It’s going on my computer when I get home.