Latest phishing scam tries a different line to hook users

12 Nov 2004

Security researchers have discovered a new Trojan horse program used for breaking into users’ bank accounts when they are online. The current scam targets customers of some banks in the UK but Irish banks could be victims in future, the security software company Sophos has warned.

Unlike other phishing scams which involve creating a replica website of a real bank for unwitting users to visit which then captures their confidential banking details, this Trojan horse monitors when people visit their own genuine banking website. The software then records the keystrokes used to enter passwords or it takes screenshots.

According to Sophos, this information is then relayed to criminals who can use it to break into the bank accounts of innocent users and steal their money. “What makes this more interesting is that it doesn’t take you to a bogus web page; it waits until you go to your actual bank site and then it starts keylogging,” said Carole Theriault, security consultant with Sophos.

Discovered earlier this week, Troj/Banker-AJ targets users of online banks such as Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest. Theriault told that this particular Trojan looks for a specific list of banks. “As well as the UK, we’ve also seen them in Brazil and the US,” she said. “I wouldn’t say this Trojan is widespread but it’s very difficult to gauge as it’s often on people’s computers without their knowledge,” she added.

Although Irish users are not at risk from this rogue program, Theriault said that future Trojan horses could be programmed to monitor for users visiting Irish banks. “I’m sure in the future, the list of banks will be widened and potentially, some of those will be in Ireland.” Proving that no country is too small to be targeted by internet criminals, already this year AIB bank and the credit card provider MBNA have been in traditional email-based phishing scams.

Trojan horse programs are often downloaded without the user’s knowledge; sometimes they are triggered by visiting unfamiliar or inappropriate websites. In other cases, they could be downloaded by clicking on a link in a spam email. Theriault advised users not to go to sites that aren’t responsible or reputable. Use of antivirus tools and spam filtering software will also help users to avoid malicious emails which could trigger unwanted downloads.

By Gordon Smith