New Bank Trojan Virus Steals Money


Finjan, an internet security firm, has discovered a new Trojan horse virus that steals money from your account. A typical phishing attack or virus steals your login credentials and sends them to a thief, who either sells them or empties your account. This new virus, called URLZone, steals your credentials and also steals money from your account, all the while displaying a fake balance when you log in. How much it steals depends on how much is available; it steals only enough not to trigger a bank’s fraud detection systems.

At the moment, URLZone can only infect Windows systems using Firefox, Internet Explorer 6, 7 & 8, or Opera web browsers. Computers are infected when you open an e-mail, click on a website distributing malware, or visit an infected website using one of those browsers. When you visit a targeted bank, and it’s thus far been limited to German banks, the trojan transfers money without you even knowing.

This is the first Trojan Finjan has come across that hijacks a victim’s browser session, steals the money while the victim is doing online banking, and then covers its tracks by modifying information displayed to the victim, all in real time, Ben-Itzhak [chief technology officer at Finjan] said.

This is scary.

Banking Trojan steals money from under your nose [CNet News]

(Photo: hendricksphotos)


21 Responses to “New Bank Trojan Virus Steals Money”

  1. zapeta says:

    Thanks for the heads up!

  2. Neil says:

    A bit scary, but I have to respect the creativity. That is simply brilliant.

  3. Mike Piper says:

    Hah, I was just about to comment on its brilliance as well. Looks like Neil beat me to it.

  4. Can you imagine if you used a mixture of affected and unaffected systems? It’d be a bit of a head scratcher when the balance is X on one computer and Y on another.

  5. Bernz says:

    How do we prevent this? This is really scary. Hey, I guess one way is not to put too much money into your bank?

  6. Yana says:

    Wow, that’s bad. My husband and I have been using Opera browser for years, but I switched a few months ago to SeaMonkey. He still uses Opera, though, but I’m the one who does the online banking. Still scary, though.

  7. Yana says:

    I think the best you can do to prevent this is to be aware and proactive about what goes into your browser, including which cookies you allow. You can set most browsers to ask you before allowing individual cookies, and once you choose to allow it/disallow it permanently, you’re done. Over time, you can determine which cookies you have to have to enjoy good sites, and which are tracking cookies and not necessary. Also set the browser to delete non-critical (or all) cookies and clear the cache after each session.

    If you use Firefox, you can avail yourself of this – – which I use with SeaMonkey. I only just discovered it a few months ago, and I love it. It is extra security, because a website can’t even load everything or run scripts without your express permission. It makes me feel safer.

    I also really like SeaMonkey’s mail program and especially “Composer” – the built-in text editor. I have a cheap and annoying printer, and always have trouble getting it to print right, but with Composer, it prints absolutely beautifully. These things and NoScript got me to switch from Opera, with the added plus that SeaMonkey works on more sites – such as Facebook 😉

  8. eric says:

    All I can say: thank god for Macs. 😀

    • JD says:

      I agree with this. Not to sound ignorant, however, people complain about Mac’s overpriced system all the time, but with threats like this that only affect Windows, I’m glad I purchased one.

  9. These criminals are GENIUS!

    As for protecting yourself, why not use Mint/Quicken, Wesabe, Thrive, et al. to monitor balances and transactions? Since this trojan is set up to replicate financial institutions’ websites, using a third party account aggregator would give a second source of data that the criminals are not targeting for the fake balance in the browser. Also, for Mint and Wesabe users, you can grab your balances through your phone instead of your regular computer. Just a thought.

    • Jim says:

      You would have to marry up the data shown in Mint/Quicken/Wesabe/etc. with your displayed account balance to ensure the number shown when you “logged in,” under the influence of this trojan, was correct. I don’t see anyone doing this every single time to ensure correctness.

  10. daemondust says:

    This might actually be a place where storing your banking password is actually more secure since it circumvents some of the vectors (keystroke logging) this would use to grab your password.

  11. KK says:

    This article does not seem credible. In order to transfer money online, you have to set up the link in advance, wait for trial deposits, verify the amount of the deposits, and not before can money leave your bank to go to a virus hacker’s bank. It says you get an email and have to click a link. It is obviously simple phishing. Just watch the URL and make sure it is the URL for your bank.

  12. KK says:

    I just visited the Finjan website and read their version of the article. It is clearly an advertisement to sell their products but written to be disguised as NEWS. I doubt any of it is true. They are trying to scare people to make a buck.

  13. Modder says:

    This *specific* scam is not a threat for us in the US. It relies on the fact that German / European banks allow wire transfers from account to account. E.g. if I know your account #, I can wire you a certain amount of money. This is very easy to do online, clearly an easy way for criminals to clear out accounts. In the US, sending money “out” of an account electronically is much more difficult. Outgoing wire transfers are typically never enabled online (need to fill out forms etc), only way I can think of is online bill pay via checks which takes a lot longer and is harder to cover up. Plus you can cancel issued checks once you notice the scam.

    But in general, the trick here is to monitor your accounts from multiple computers. My wife and I both have home and work computers. We each check out accounts daily, often using both computers. So if there is any funny business going on, and one of the computers is compromised, we would likely notice from another computer.

  14. KKovacs says:

    I don’t think logging in with another software and comparing the amount would help; that’s after the fact… You have already logged in from the infected browser.

  15. I have always been a fan of online banking, but as with any convenience it can open you up to more vulnerability. I don’t doubt that someone out there is capable of this, and it would be a nightmare to recover from. I haven’t yet heard of anyone who has had a problem with this before, but be careful!

  16. Julio says:

    I reduce my exposure to these types of attacks by doing all online banking from a computer that I have designated for banking tasks only. I also have an email ‘alias’ that I use only for online banking. It’s an old computer running an old OS and therefore is not a target of many of these types of attacks to begin with. All other computing, internet surfing and gaming is done from a newer computer more suited for these tasks.

  17. That’s the worst thing I ever heard of!

  18. Chris says:

    These are floating around in Facebook now. Beware!
