'Oddjob' Trojan Sneaks Into Your Bank Account
Cybercriminals in Eastern Europe have developed a devious tech trick to hijack your online banking session and steal your money from right beneath your nose.
Researchers at the computer security firm Trusteer have detected a new Trojan, called "OddJob," that allows criminals to keep customers' online banking sessions open even after the customers log off.
When users enter login information on their online banking websites, those requests are sent, in real time, to command and control servers, Trusteer explained. OddJob crooks can intercept those requests from within Internet Explorer and Firefox, and steal the session ID token, the authentication credential issued to customers during online banking sessions.
Once the session ID is procured, the hacker can effectively impersonate the legitimate customer, and even when the customer logs out of the banking session, the attacker is still logged in and has full access to the victim's online finances.
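On the bank's side, a stolen session ID shows up as the same token arriving from a second client, or still being used after its owner logged out. The following is an added example, not code from Trusteer or from the original article; it runs that check over a constructed request log, and the field names, paths and sample values are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    ts: int            # seconds since the start of the sample
    session_id: str
    client_ip: str
    user_agent: str
    path: str

# Constructed sample: the customer at 198.51.100.7 logs in, a second client
# replays the same session ID, then keeps using it after the customer logs out.
SAMPLE = [
    Request(0,  "S1", "198.51.100.7", "Firefox/3.6", "/login"),
    Request(20, "S1", "198.51.100.7", "Firefox/3.6", "/accounts"),
    Request(25, "S1", "203.0.113.50", "curl/7.21",   "/accounts"),
    Request(60, "S1", "198.51.100.7", "Firefox/3.6", "/logout"),
    Request(90, "S1", "203.0.113.50", "curl/7.21",   "/transfer"),
    Request(5,  "S2", "192.0.2.10",   "MSIE 8.0",    "/login"),
    Request(40, "S2", "192.0.2.10",   "MSIE 8.0",    "/logout"),
]

def find_hijack_signals(requests, logout_path="/logout"):
    """Return (ts, session_id, reason) for each suspicious request."""
    first_client = {}    # session_id -> (ip, user_agent) that opened it
    logged_out = set()   # session IDs the server should treat as dead
    alerts = []
    for r in sorted(requests, key=lambda r: r.ts):
        client = (r.client_ip, r.user_agent)
        owner = first_client.setdefault(r.session_id, client)
        if r.session_id in logged_out:
            alerts.append((r.ts, r.session_id, "used-after-logout"))
        elif client != owner:
            alerts.append((r.ts, r.session_id, "second-client"))
        # Only the client that opened the session can end it.
        if r.path == logout_path and client == owner:
            logged_out.add(r.session_id)
    return alerts

if __name__ == "__main__":
    for alert in find_hijack_signals(SAMPLE):
        print(alert)
```

A client mismatch is a signal rather than proof, since addresses change legitimately on mobile networks; any request accepted after logout means the server did not invalidate the token on its side.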
OddJob spreads via the usual malware channels -- drive-by downloads from infected Web pages, e-mail attachments or corrupted software. OddJob remains dormant and undetectable on your system until you open Firefox or Internet Explorer.
Security experts are worried about OddJob because its parasitic qualities make it easier for crooks to use, and harder for victims to detect.
"The most important difference from conventional hacking is that the fraudsters do not need to log into the online banking computers they simply ride on the existing and authentication session, much as a child might slip in unnoticed through a turnstile at a sports event, train station, etc.," Trusteer's Amit Klein wrote in a blog today (Feb. 22).
Trusteer said OddJob attacks are being used by Eastern European cybercriminals to attack customers in the United States, Poland and Denmark.
Trusteer said the variants it had studied were tailored to Firefox and Internet Explorer, and did not mention whether other browsers such as Chrome, Opera or Safari were also vulnerable. Trusteer did point out that its own Rapport software, available through some online banking websites, blocks OddJob.