Hackers bank on Trojans to steal financial data

Trojans designed to steal financial information constitute one of the fastest growing threats to internet users, security experts warned today.

PandaLabs highlighted the serious danger posed by a recently detected example, the StealAll.A Trojan, which injects a DLL in the internet browser to steal data that users enter in online forms.

According to the security company, 53.6 percent of the new malware samples that appeared in 2006 were Trojans. And 20 percent of all Trojans detected in 2006 were banker Trojans, which were the most frequently detected category of Trojan.

Panda believes that the rapid evolution of banker Trojans is largely due to the use of additional security measures by financial institutions, such as the virtual keyboards now used to prevent traditional key-loggers recording user keystrokes.

The security firm added that cyber-criminals have gone to great lengths to counter such security measures.

Just a few months ago, Panda detected Banbra.DCY, a banker Trojan designed to take video shots in order to see exactly which characters users enter on the virtual keyboard.

Another common technique uses Trojans designed for so-called pharming. This involves tampering with the domain name system used to direct users to web pages, sending them to spoof banking or financial pages designed to capture the data entered.

Banker.CHG is cited as a typical example of Trojan designed for pharming.

"Banker Trojans are currently one of the greatest threats on the internet and attacks using this type of malicious code can have devastating effects on users' finances," warned Luis Corrons, technical director of PandaLabs.

"These Trojans are created specifically so they can be installed and operate without attracting attention. For this reason users need proactive technologies to detect new threats by analysing their behaviour."