Banker Trojans evolving into more dangerous forms
Banker Trojans designed to steal financial information are evolving rapidly. One recent example, the StealAll.A Trojan, injects a DLL in the Internet browser to steal data users enter in online forms.
According to PandaLabs, 53.6 percent of the new malware samples that appeared in 2006 were Trojans. And 20 percent of all Trojans detected by Panda ActiveScan in 2006 were banker Trojans. This was in fact the most frequently detected category of Trojan.
The rapid evolution of banker Trojans is largely due to the use of additional security measures by financial institutions, such as the virtual keyboards now used to prevent traditional keyloggers recording users’ keystrokes.
Cyber-crooks however have gone to great lengths to counter such security measures. Just a few months ago, PandaLabs detected Banbra.DCY, a banker Trojan designed to take video shots in order to see exactly which characters users enter on the virtual keyboard.
Another common technique uses Trojans designed for pharming. This involves tampering with the DNS (domain name system) used to direct users to web pages, redirecting them to spoof banking or financial pages designed to capture the data entered. Banker.CHG is a typical example of Trojan designed for pharming.