'Remote access Trojans' harvest online bank passwords as you type them
From MSNBCForget phish. It's rats that are about to cause the most trouble for Internet users.
Clever computer criminals have recently become much more sophisticated in their attacks against online banks, experts say. The Internet is now awash in programs called "remote access Trojans," or RATs, that feed on online banking passwords.
Trojan horse programs have traditionally sneaked their way onto computers by posing as desirable free software, such as electronic greeting cards or file-sharing programs. The malicious programs are hidden, and like the Greek soldiers hidden in the famous wooden horse, jump out to attack once they're safely inside. But others are pushed onto computers without any interaction at all, through various software vulnerabilities. In that case, consumers would likely have no way of knowing their machine has been subdued.
These new remote-access Trojans are designed specifically to lurk in the background, waiting until the unsuspecting user types the name of a well-known bank into a Web browser. Then, the program springs into action, copying every keystroke. The data is sent back to the criminal, who now can raid the online bank."This is the new thing," said Dan Clements of CardCops.com, a site that monitors online fraud. His researchers recently gained access to an e-mail account that was set up to receive data from RAT-infested computers. The account held over 3,000 transmissions, he said.
One of the e-mails contained about 300 logins for Bank of America's Web site.
"I get more and more of these every day," he said. "(Researchers) send it to me and say, 'Why isn't anybody doing anything?' "
Bank of America's Betty Riess said she couldn't comment on the specific case, but said the bank is currently rolling out new security features designed to limit the effectiveness of Trojan horses.
No comments:
Post a Comment