On Wednesday cybersecurity researchers at Secureworks issued a report describing a new cybercriminal group that aims a one-two punch at banks. First it collects banking customers' passwords using a variation of the so-called Black Energy software, which has infected thousands of computers worldwide to create a "botnet" of hijacked machines. The machines use the collected passwords to move funds into the hackers' accounts, and then typically delete files from the user's computer to cover their tracks.
Today, DarkReading's Kelly Jackson Higgins writes about BlackEnergy. Again. If we stop typing our online banking credentials into boxes in browsers and instead, swipe our bank issued card and enter our bank issued PIN, then the bad guys would get a bunch of 3DES DUKPT encrypted gobblygook.
New BlackEnergy Trojan Targeting Russian, Ukrainian Banks
Botnet lets attackers steal online banking credentials and DDoS Russian and Ukrainian banksMar 04, 2010 | 09:24 AM
By Kelly Jackson Higgins | DarkReading SAN FRANCISCO -- RSA Conference 2010 -- Russian hackers have written a more sophisticated version of the infamous BlackEnergy Trojan associated with the 2008 cyberattacks against Georgia that now targets Russian and Ukrainian online banking customers.
Joe Stewart, a security researcher with SecureWorks, says Russian hackers are using the Trojan spread via the BlackEnergy botnet to hit Russian and Ukrainian banks with a two-pronged attack that steals their customers' online banking credentials and then wage a distributed denial-of-service (DDoS) attack on the banks as a cover: "They may be emptying the bank accounts while the banks are busy cleaning up from the DDoS," Stewart says.
Dubbed by Stewart as "BlackEnergy 2," this new version of the Trojan is a full rewrite of the code that features a modular architecture that supports plug-ins that can be written without access to its source code. It currently comes with three different DDoS plug-ins, as well as one for spamming and two for online banking fraud, according to Stewart.
While the Zeus Trojan remains the most popular Trojan, Stewart says BlackEnergy 2 can do things Zeus cannot, such as stealing online credentials plus DDoS'ing. BlackEnergy 2 also steals the user's private encryption key. Stewart has written an analysis of the Trojan, available here.
Continue DarkReading
Thanks for Visiting - Bookmark us or Add to your Favorites and Find Out What's Going on Tomorrow in the Payments Industry
0 comments