
SANS ISC InfoSec Handlers Diary Blog



PWS Bankers 2.0

Published: 2006-08-03
Last Updated: 2006-08-03 22:23:01 UTC
by Pedro Bueno (Version: 2)

PWS-Bankers 2.0

Some time ago I was reading about Phishing 2.0, the evolution of phishing attacks. In that case, the miscreants were using multiple, different attacks trying to beat the new security methods adopted by financial institutions, such as one-time passwords. According to the news report, Howard Schmidt said "...as more people become aware of current "phishing" scams, the cyber criminals often get even more clever, and create new, more sophisticated techniques." That's the famous cat-and-mouse game.

The new security methods adopted by banks were created in response to the huge number of attacks suffered by their customers and the huge amount of money they have been losing over the years. They were working, until the miscreants decided to create new techniques to defeat them.

Well, I talked to my fellow handlers before putting this here, because I don't want someone calling me a "hype maker" :), and I would like to present you another term: Banker 2.0.

But what is Banker 2.0?

This represents the evolution of banker trojans as well, trying to defeat the new security measures that banks have implemented for their customers.

Yesterday I was playing with a PWS-Banker trojan sample. In short, it presented itself as a bank application to 'update' the bank's digital certificate. Some Brazilian banks are adopting digital certificates for some large customers, so certain transactions can only be done with those certificates.

The interesting characteristics were:

  • it targeted just one South American bank
  • it asked for the bank digital certificate password
  • it harvested the hard drive for all *.key and *.crt files
  • it sent the certificate password and all *.key and *.crt files to a Gmail account.
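As an added example that is not part of the diary, here is a small correlation rule in the spirit of those characteristics: flag a process that reads *.key/*.crt files from several directories and afterwards opens an SMTP connection to Gmail. The audit log lines are constructed, and the `<pid> <process> <event> <argument>` format is an assumption.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample host audit log (not from the diary). Assumed format:
# "<pid> <process> <event> <argument>", where event is "open" or "connect".
SAMPLE_LOG = """\
4120 certupdate.exe open C:\\Users\\ana\\Documents\\banco.crt
4120 certupdate.exe open C:\\Users\\ana\\Documents\\banco.key
4120 certupdate.exe open C:\\certs\\corp.crt
4120 certupdate.exe open D:\\backup\\old.key
4120 certupdate.exe connect smtp.gmail.com:465
2210 outlook.exe open C:\\Users\\ana\\Documents\\report.docx
2210 outlook.exe connect smtp.gmail.com:465
3301 backup.exe open C:\\certs\\corp.crt
3301 backup.exe open C:\\certs\\corp.key
3301 backup.exe connect backup.internal:443
"""

CERT_FILE = re.compile(r"\.(key|crt)$", re.IGNORECASE)
GMAIL_SMTP = re.compile(r"^smtp\.gmail\.com:", re.IGNORECASE)

def find_cert_harvesters(log_text, min_dirs=2):
    """Return {pid: (process, [cert files])} for processes that read
    *.key/*.crt files from at least `min_dirs` distinct directories and
    afterwards opened an SMTP connection to Gmail, the exfiltration path
    the sample used. A backup tool or mail client alone is not flagged."""
    cert_reads = defaultdict(list)   # pid -> certificate/key files opened
    proc_name = {}                   # pid -> process name
    exfil_pids = set()               # pids that mailed after reading certs
    for line in log_text.strip().splitlines():
        pid, proc, event, arg = line.split(maxsplit=3)
        proc_name[pid] = proc
        if event == "open" and CERT_FILE.search(arg):
            cert_reads[pid].append(arg)
        elif event == "connect" and GMAIL_SMTP.match(arg) and pid in cert_reads:
            exfil_pids.add(pid)      # order matters: reads must precede the send
    hits = {}
    for pid in exfil_pids:
        files = cert_reads[pid]
        if len({ntpath.dirname(f).lower() for f in files}) >= min_dirs:
            hits[pid] = (proc_name[pid], files)
    return hits

if __name__ == "__main__":
    for pid, (proc, files) in find_cert_harvesters(SAMPLE_LOG).items():
        print(f"pid {pid} ({proc}) read {len(files)} cert/key files, then mailed via Gmail")
```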

 McAfee AvertLabs has a good description of it, with screenshots:

So banks are trying, with OTPs, tokens, digital certificates... but the bad guys are doing the same, creating new techniques to defeat them. The question is: where are the banks failing?

Pedro Bueno <pbueno //&&// isc. sans. org >
