New Bank Trojan Aims To Steal Session IDs

Forum Moderators: open

Message Too Old, No Replies

New Bank Trojan Aims To Steal Session IDs

engine

5:58 pm on Feb 23, 2011 (gmt 0)

New Bank Trojan Aims To Steal Session IDs [pcadvisor.co.uk]

The Trojan program, dubbed 'OddJob', appears to be a work in progress, but is already different from many malware in at least two respects, according to Amit Klein, chief technology officer at security firm Trusteer, which discovered it.

Unlike other conventional hacking tools, OddJob does not require fraudsters to log into a user's online bank account to steal from it. Instead, the malware is designed to hijack a user's online banking session in real-time by stealing session ID tokens.

Yikes, that's a concern if it gets on your system.

Propools

6:51 pm on Feb 23, 2011 (gmt 0)

OddJob presently is programmed to steal session ID tokens from customers of dozens of specific banks in the US, Poland and Denmark. When customers log into their accounts using Microsoft's Internet Explorer or Mozilla's Firefox, OddJob grabs their session ID token and sends it in real-time to the Command-and-Control server where the session can be hijacked.

Just one more reason to use Chrome?

Matthew1980

8:03 pm on Feb 23, 2011 (gmt 0)

^^^

Wow, that's quite scary to read, is chrome really safe; then again, is ANY browser really safe - depends on what you normally look at I guess, but internet banking is becoming more of a necessity now than a technological luxury.

I'll keep an eye on this..

Cheers,
MRb

J_RaD

1:06 am on Feb 24, 2011 (gmt 0)

time to start doing all my online banking in a virtual machine.

J_RaD

2:10 pm on Feb 24, 2011 (gmt 0)

Just one more reason to use Chrome?

opera :-)

coopster

9:12 pm on Feb 24, 2011 (gmt 0)

Why not add the IP to the session verification process at the server-side (the bank)? Issue resolved, for the banks at least.

graeme_p

4:38 am on Feb 25, 2011 (gmt 0)

Its not a reason to use Chrome. It is a reason not to use Windows.