New technique against virtual keyboards

A new banking trojan combines keylogging with a technique optimized for virtual keyboards.

Every time the user clicks on the virtual keyboard, the trojan takes a series of small screen captures of the area surrounding the cursor. It also adds a small red arrow that pinpoints the exact place the user clicked, so that the attacker can clearly see which key the user selected.

It has been specifically designed to target banking institutions in Argentina, Bolivia, Brazil, Cape Verde, Spain, USA, Paraguay, Portugal, Uruguay, and Venezuela.

In-Depth Analysis: New technique against virtual keyboards.pdf (PDF)

The following video (Flash) illustrates the behaviour of the trojan on an infected system and the data sent to the attacker: Cajamurcia Video

Sent by fsantos @ 13:09
Re: New technique against virtual keyboards

This may be a huge problem, increasing credit card fraud. Let's hope it's off the web and the creator(s) go to jail.

Posted by: Devin Hutchison at October 20, 2006 00:39
Re: New technique against virtual keyboards

I hate this tec and the antvir software won't alarm about this

Posted by: SnowSun at October 28, 2006 07:20
Re: New technique against virtual keyboards

I suppose for this "Trojan Banker" to function it has to lay on your comp. Use Linux and it won't happen!

Posted by: netstrider at November 28, 2006 11:33
Re: New technique against virtual keyboards

This is interesting.

I think the world is getting more and more dangerous and we definitely need to protect ourselves more and more. :(

Ming Chern
Internet Marketing for Newbies

Posted by: TOFUmonkey at January 10, 2007 09:45
Re: New technique against virtual keyboards

I highly recommend Snoopfree 1.0.7 from snoopfree.com, it is a great utility against all kinds of keyloggers, including the screen capture technique. It runs smoothly with other security products.

Posted by: Zoli at January 10, 2007 11:52
Re: New technique against virtual keyboards

The best protection against this kind of fraud is to control access to data within the workplace. Run tight software restriction policies, and don't allow any executables through your gateway/proxy/mail server (easily done in ISA server). Install some anti-virus protection on the gateway/proxy, and utilise several programs if necessary. Ensure passwords are regularly changed, and if the situation permits, you could have the roaming profile just load a default registry hive at each logon which would ensure that any nasty trojans got kicked out of the startup sequence. Anti-virus should be a *FINAL SAFEGUARD* against viruses. You should have other measures in place.

Also, if you have your gateway configured properly, it should not be possible for a trojan to communicate with the net. I work for a large banking institution, and we do not have web access unless we explicitly request it and log in via certificate authentication. ISA server logs all outbound requests and they are regularly reviewed by IT personnel.

For institutions with properly configured IT infrastructure, this should not present a problem.

Posted by: Thomas at January 15, 2007 22:43
Re: New technique against virtual keyboards

This Trojan is not a problem!!
I live and work in Italy. I have a bank savings account, which is operated via telephone or internet, INGDIRECT.
When I log on to the web site, they use a virtual keypad. There are two security measures it has...
Firstly each time you log in the numbers are never in the same order.
The second, which is relevant for this Trojan, is that when you click the keypad the numbers disappear. Which, hopefully, makes it very safe!!! FOR NOW!!!

Posted by: English Teacher at January 30, 2007 08:05
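
The two keypad measures described in the last comment above (digits in a different order at each login, labels that disappear while a key is clicked), modelled as an added JavaScript example. It is not code from this blog, from any bank or from a commenter; the `Keypad` class, `newLayout`, `randInt` and the slot numbering are names assumed here for illustration, and drawing the buttons is left to the page.

```javascript
// Added example: logic model of a virtual PIN pad (names are hypothetical).
// Web Crypto in browsers; Node fallback for runtimes without a global `crypto`.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Unbiased integer in [0, n) by rejection sampling (valid for n <= 256).
function randInt(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Measure 1: a fresh Fisher-Yates shuffle of the digits for every login.
function newLayout() {
  const digits = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"];
  for (let i = digits.length - 1; i > 0; i--) {
    const j = randInt(i + 1);
    [digits[i], digits[j]] = [digits[j], digits[i]];
  }
  return digits;
}

class Keypad {
  constructor(layout = newLayout()) {
    this.layout = layout;   // slot index -> digit shown in that slot
    this.pressed = false;   // true between pointerdown and pointerup
    this.slots = [];        // slot indexes clicked so far
  }
  // Measure 2: blank all labels as soon as the button goes down.
  pointerDown(slot) {
    if (!Number.isInteger(slot) || slot < 0 || slot >= this.layout.length) {
      throw new RangeError("slot out of range");
    }
    this.pressed = true;
    this.slots.push(slot);
  }
  pointerUp() { this.pressed = false; }
  // What the page should draw right now: digits, or blanks during a click.
  labels() { return this.layout.map(d => (this.pressed ? "" : d)); }
  // Digits entered so far, resolved from the clicked slots.
  pin() { return this.slots.map(s => this.layout[s]).join(""); }
}
```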