Cyber criminal ring targets Australian inboxes

Trojan horse malware that provides its owners with bank details and other personal information has been discovered targeting Australian Internet Explorer users

Trojan horse malware that provides its owners with credit card numbers, bank details, and other personal information has been discovered targeting Australian Internet Explorer users.

The Trojan was exposed last month by US-based anti-exploit development firm, Exploit Prevention Labs (XPL). However, according to Australian-born Roger Thompson, the company's Chief Technical Officer, it has been known among the whitehat community since April this year.

Victims receive what appears to be a Yahoo Greetings eCard, which directs Web browsers to an authentic eCard via an exploit server. If the exploit server detects browser vulnerabilities, it force-downloads post-logging software onto the user's computer.

This process happens so quickly that it is virtually unnoticeable, Thompson said, adding that some versions of the Trojan also force-download a rootkit which makes it invisible to Internet Explorer's add-on manager.

"It's very, very hard to tell if you've been infected," he said. "If your antivirus program can see it, that's fine. But if it doesn't, then you won't know it's there."

Although it is impossible to determine the exact number of affected users, Thompson expects there to be thousands of Australian computers at risk. XPL researchers have confirmed that accounts at nearly every Australian bank were affected.

The Trojan was found to have been exploiting the Internet Explorer MDAC vulnerability through the Russian-developed WebAttacker script, which XPL has found to be the most prevalent Internet-borne exploit generator. While a patch for the MDAC vulnerability was released by Microsoft in April, Thompson said, many Internet Explorer users remain susceptible because not all users apply patches.

"A lot of work computers don't get patched, because when you patch, a lot of other things can get broken," he said. "A lot of companies don't like patching because of this, and because they think they are safe behind a firewall."

"But browsers are authorized to get past firewalls; that's how they access the Internet," he explained. "And once you're authorized, consumer firewalls don't have enough resolution to distinguish between evil Web sites and clean Web sites."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about MicrosoftVIAYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liz Tay

Latest Videos

More videos

Blog Posts