Thursday, February 24, 2011

When “Logout” does not work…OddJob Keeps Online Banking Sessions Open

Today the Windows 7 News and Tips blog at http://www.windows7news.com posted some interesting information concerning a new attack method being used to take control of online banking sessions. Although this is not currently widespread and no solution has been formulated as of today, experts are working on the problem and more information will follow soon. For now I thought it would be good to make you aware of the problem so you can keep an eye on your accounts.

Below is a repost of the Windows 7 post:

You go online and connect to your bank. You do your transactions, and then you logout. Or so you think.

There is a new type of financial malware program that has started to make the rounds with the ability to hijack customers’ online banking sessions in real time using their session ID tokens. This program, called OddJob, keeps sessions open after customers think they have “logged off.” This enables criminals to extract money and commit fraud unnoticed: they are in, and you think you’re out…but you’re not.

New Attack Methodology

This malware attack pushes the hacking envelope through the evolution of existing attack methods. Hackers, who are a curious sort, can side-step many commercial IT security applications traditionally used to defend users’ digital – and online monetary – assets.

Security firms have been monitoring OddJob for a few months, but have not been able to report on its activities until now due to ongoing investigations by law enforcement agencies. These have just been completed.

A work in progress

While it appears to be a new approach to attacking users, it also appears to be a work in progress. Trusteer has noted differences in functions in recent days and weeks, as well as in the way the Command & Control (C&C) protocols operate. It is their contention that these functions and protocols will continue to evolve in the near future, and that the analysis of the malware’s functionality may not be 100 per cent complete as the code writers continue to refine it.

Where the weakness is

OddJob’s most pernicious characteristic is that it is designed to intercept user communications through the browser. It steals and injects information and terminates user sessions inside Internet Explorer and Firefox. This program is different from conventional hacking because the hackers do not need to log into the online banking computers – they simply ride on the existing and authenticated session. So when a user “logs out” the event does not occur, even though the user thinks he/she has terminated the banking session. But the hacker is now in.
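As an added example (not code from the original post or from any published analysis of OddJob), the following is a minimal bank-side session store in which the server, not the browser, decides when a session ends: logout revokes the token server-side, an idle timeout catches abandoned sessions, and an absolute lifetime bounds how long a session that is kept alive after a suppressed logout stays usable. Class and function names, user names and the timeout values are assumptions chosen for illustration.

```python
import secrets

# Added example (not from the original post): a bank-side session store where
# the server, not the browser, decides when a session ends; names/timeouts assumed.
ABSOLUTE_LIFETIME = 15 * 60   # seconds: hard cap even on an active session
IDLE_TIMEOUT = 5 * 60         # seconds: longest allowed gap between requests


class SessionStore:
    def __init__(self, clock, absolute_lifetime=ABSOLUTE_LIFETIME):
        self._clock = clock                  # callable returning seconds
        self._abs = absolute_lifetime        # None disables the hard cap
        self._sessions = {}                  # token -> {"user", "created", "last_seen"}

    def login(self, user):
        token = secrets.token_urlsafe(32)    # unguessable session ID token
        now = self._clock()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def logout(self, token):
        # Server-side revocation: the token is dead whatever the browser shows.
        self._sessions.pop(token, None)

    def authenticate(self, token):
        """Return the session's user, or None if the token is unknown or expired."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if (now - s["last_seen"] > IDLE_TIMEOUT
                or (self._abs is not None and now - s["created"] > self._abs)):
            self._sessions.pop(token, None)  # expired: drop it server-side too
            return None
        s["last_seen"] = now
        return s["user"]


def suppressed_logout_scenario(absolute_lifetime=ABSOLUTE_LIFETIME):
    """Constructed scenario: the logout request never reaches the server (as the
    text describes) while the token is reused once a minute. Returns the number
    of those post-"logout" requests the server accepted."""
    clock = [0.0]
    store = SessionStore(clock=lambda: clock[0], absolute_lifetime=absolute_lifetime)
    token = store.login("alice")
    accepted = 0
    for minute in range(3, 60):   # user clicked "logout" at minute 2; never delivered
        clock[0] = minute * 60.0
        if store.authenticate(token) is None:
            break
        accepted += 1
    return accepted
```

With the absolute lifetime in place the server stops honouring the token after 15 minutes regardless of activity; with `absolute_lifetime=None` the idle timeout alone never fires as long as the session is kept active, which is the situation the post describes.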