Customers of large banks in the UK, Spain and Germany are at risk from hackers who have been quietly infecting hundreds of thousands of computers worldwide with a particularly sophisticated Trojan horse.
The program, designed to steal bank account information and other sensitive data from compromised systems, has been behind attacks that have been going on for several weeks.
According to VeriSign's iDefense unit, the hackers have been sending out emails prompting users to visit malicious websites that use a Windows Metafile (WMF) exploit to download a Trojan called MetaFisher onto a victim’s computer.
The Trojan, also known as Spy-Agent and PWS, is then used to collect and send bank account and personal information from the compromised system to remote servers, where the data is harvested.
MetaFisher is very sophisticated, with a complex management interface suggesting it may have emanated from a professional IT department. MetaFisher uses a PHP-based website to track infections by country and to manage variants and scripts, and includes a query routine to easily filter stolen data and find keylogger and account data for specific keywords.
The level of sophistication of this Trojan should really come as no surprise, given the level of ingenuity out there among the hacking community. The very professionalism with which the program has been written suggests its author may well be an IT professional with an axe to grind, perhaps employed on the side by organised crime.
It’s a difficult question to ask, but are apparently clean-cut IT professionals being recruited to do a little moonlighting to supplement their bank balances?