Banking Trojan spreading rapidly


Antony Savvas

Web portal Lycos is warning users of a rapidly spreading Trojan virus that tries to direct users to fake banking sites.

Lycos said Barclays and Bank of Scotland are the latest banks to see their sites copied and users directed to the fakes, where their log-ins and passwords can be recorded for fraud.

Last month, Lycos said it tracked and stopped 3.3m attempts to load the Troj/BankAsh-A malware. In March, the portal recorded only 40,000 attempts.

Once downloaded onto users' machines, the Trojan is only activated when users try to log into a legitimate banking site, such as Barclays or Bank of Scotland.

"The stolen details are used to hijack bank accounts and for identity theft," said Wessel van Rensburg, Lycos UK head of email. "While these crimes are not new, the methods by which data is obtained are extremely sophisticated."

Troj/BankAsh-A is distributed via an email attachment. Once the attachment is opened, the user’s machine downloads the malware from a malicious website. It then remains undetected on the machine until the user tries to log in to a banking website.

However, even if users type in the correct domain name for the banking site they want, they are not linked to that site, as hackers have managed to change the configurations of internet domain name servers.

Users with the Trojan are instead directed to a different IP address to the one normally associated with the legitimate website.

The Trojan is also being distributed on peer-to-peer networks and via adware and spyware, said Lycos.
