Customers of large banks in the UK, Spain and Germany
are at risk from hackers who have been quietly infecting hundreds
of thousands of computers worldwide with a particularly
sophisticated Trojan horse.

The program, designed to steal bank account information and
other sensitive data from compromised systems, has been behind
attacks that have been going on for several weeks.

According to VeriSign's iDefense unit, the hackers have been
sending out emails prompting users to visit malicious websites that
use a Windows Metafile (WMF) exploit to download a Trojan called
MetaFisher onto a victim’s computer.

The Trojan, also known as Spy-Agent and PWS, is then used to
collect and send bank account and personal information from the
compromised system to remote servers, where the data is
harvested.

MetaFisher is very sophisticated, with a complex management
interface suggesting it may have emanated from a professional IT
department. MetaFisher uses a PHP-based website to track infections
by country and to manage variants and scripts, and includes a query
routine to easily filter stolen data and find keylogger and account
data for specific keywords.

The level of sophistication of this Trojan should really come as
no surprise, given the level of ingenuity out there among the
hacking community. The professionalism with which the program
has been written suggests its author may well be an IT
professional with an axe to grind, perhaps employed on the side by
organised crime.

It’s a difficult question to ask, but are apparently clean-cut
IT professionals being recruited to do a little moonlighting in
return for supplementing their bank balances?