A soft spot on the underbelly of Microsoft Corp.’s Anti-Spyware program, now in its first beta, has been discovered and exploited by the BankASH-A Trojan, discovered Wednesday by Sophos Inc.
This Trojan lies dormant until the user visits the Web sites of targeted banks including Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest and Smile, according to Sophos.
When the user logs on to the site, BankASH-A does one of two things: It either activates a key-logging program, which steals a user’s online banking ID and password or it redirects them to a bogus login page, explained Gregg Mastoras, senior security analyst at Sophos in Boston.
BanakASH-A is the first Trojan found to affect Microsoft’s Anti-Spyware by disabling the program, Mastoras explained. It is also uses the aliases Trojan-Spy.Win32.Banker.jv and PWS-Banker.j, according to Sophos.
“It’s a demonstration that (virus writers) are attacking Microsoft’s new security products,” he said. It has only been about one month since the Anti-Spyware beta was released.
“Microsoft is actively investigating new public reports of a criminal attack, known as the “BankAsh-A Trojan” that attempts to disable the Microsoft Windows AntiSpyware beta,” Carol Terentiak, security strategy and response manager at Microsoft Canada Co. in Mississauga Ont. said in a statement.
So far no Canadian or U.S. banks have been targeted by BankASH-A, he said. However, Canadian banks have been affected by similar Trojans in the past and it’s likely they will also be targets in the future, Mastoras said. “We’ve seen a greater number of these (Trojans) in the past couple of months. It really speaks to the greater trend of Trojans and worms written for financial gain rather than a teenager in basement (who wants) to gain notoriety.”
For example, the Banker-AJ Trojan was very similar, Mastoras added. Banker-AJ was developed by an organized crime ring in Brazil, which ended up stealing around US$30 million from Brazilian banks.
The only way to protect against Banker-AJ is to ensure antivirus software is kept up-to-date, he said.
For more information visit this site.