05 September 2006

Banking Trojan Captures User's Screen in Video Clip

[News] 
"Keylogger" trojans are hidden programs that collect and store the keys pressed by the user to forward them to a third party. This way, the attacker receives a file containing the information the affected user has written (passwords, messages, etc.).


Many banking institutions have introduced the so-called "virtual keyboard" in an attempt to mitigate the activity of this type of trojan. It is an on-screen graphical representation of a keyboard that the user can use to enter his data by clicking the virtual keys with his mouse instead of typing on his physical keyboard.


Today we analyze a new banking trojan that marks a qualitative step up in the danger these specimens pose and a further turn of the screw in the techniques used to defeat virtual keyboards. The novelty of this trojan lies in its ability to generate a video clip that records all on-screen activity while the user is authenticating to his online bank.


The video clip covers only a small portion of the screen, using the cursor as its reference point, but it is large enough for the attacker to watch the legitimate user's movements and typing on the virtual keyboard, and so obtain the username and password without further effort.


The key to developing successful policies to counteract malware is knowing its techniques in detail. To achieve this we need to go one step beyond the empirical analysis of specimens found in the wild, i.e. the results we get by executing the trojan, and analyze its code.


In-Depth Analysis (PDF):

http://www.hispasec.com/laboratorio/banking_trojan_capture_video_clip.pdf


At the following URL you will find a video clip/flash that illustrates the behavior of the trojan on an infected system and the data sent to the attacker:

http://www.hispasec.com/laboratorio/troyano_video_en.htm

Sent by bquintero @ 13:14 | Permalink | Comments (11) | Trackbacks (1)
Comments
Re: Banking Trojan Captures User's Screen in Video Clip

scary... I really appreciate what virustotal has done for the world, thanks!

Posted by: Blake at September 05, 2006 18:17
Re: Banking Trojan Captures User's Screen in Video Clip

good job, guys

this fine presentation clearly reveals a bit of an endless information security warfare.

Posted by: Marco Sanches at September 08, 2006 00:38
Re: Banking Trojan Captures User's Screen in Video Clip

how do I get rid of them safely

Posted by: lyle l weishaar at September 10, 2006 17:36
Re: Banking Trojan Captures User's Screen in Video Clip

wonderful service to keep users updated about the things happening around... appreciate your service and thanks

Posted by: rrr at September 13, 2006 21:38
Re: Banking Trojan Captures User's Screen in Video Clip

The US Treasury Department has this stupidly arcane method of logging in that quickly locked me out.

Posted by: no at September 20, 2006 16:16
Re: Banking Trojan Captures User's Screen in Video Clip

ooo

Posted by: hj at October 26, 2006 17:48
Re: Banking Trojan Captures User's Screen in Video Clip

It's very good stuff.. sharing knowledge increases the power of defence..

Posted by: Arun Kumar at November 20, 2006 06:06
Re: Banking Trojan Captures User's Screen in Video Clip

zomfg! now it's in video! hackers possibility increasing always more everyday =/

thank you virustotal, you done a exc work for the world, ops, still do!

Posted by: Leonardo at December 10, 2006 04:14
Re: Banking Trojan Captures User's Screen in Video Clip

How do I deal with the grogotix virus that is multiplying on my computer? It was originally 221kb in size and has become 3.313kb...

thanks

Posted by: DIDIK at December 13, 2006 08:19
Re: Banking Trojan Captures User's Screen in Video Clip

How to avoid the trojan type virus

Posted by: shanmugam at December 29, 2006 06:53
Re: Banking Trojan Captures User's Screen in Video Clip

ok

Posted by: kim Dong at January 01, 2007 08:11
Re: Banking Trojan Captures User's Screen in Video Clip

Does this method affect only Internet Explorer or does it affect the others (Opera, Mozilla, Firefox) too?

Posted by: Sergio Macedo at January 02, 2007 15:09
Trackbacks
key logger trojan


Seems like certain banks are on collision course with a major headache with regard to their Internet Banking service.
Here’s a page detailing a keylogging virus which targets so-called “virtual keyboards”. Th...

Posted by: Pangs of Irreality at September 19, 2006 11:31