Sunday, October 2, 2011

How Sophisticated is a 2008 Computer Trojan?

On December 17, 2007, Symantec security researcher Liam O Murchu discovered a Trojan called Silent Banker. McAfee names the same Trojan Spy-Agent.cm, but it is the same beast. According to the Symantec website, the Trojan horse program was identified as performing the following functions:
...records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.

The Trojan was reviewed again in October 2008 and had grown very sophisticated since its discovery. According to this review, the software digs deeper into affected computers by using rootkit technologies: once installed, it sits under the Windows operating system, which makes it even harder for anti-virus software to detect. This Trojan horse communicates regularly with its authors and maintains the website pages for over 400 financial institutions around the world, including the major US firms. When an infected machine is directed to a bank like Chase, the user is immediately redirected to a fake version of the Chase site, a replica of the bank's webpage. From there, it skims the user name and password (even for the highly acclaimed two-factor authentication bank sites). The infection continues to update itself and to send user name and password information back to the Trojan's authors, and it can persist on a computer until the machine is completely reformatted and reinstalled.