Information Security Researchers Identify Trojan in Credit Score Checking Application
by iClass - Friday, February 11, 2011
Cybercriminals constantly find new ways to steal confidential information. Recently, security researchers at Trend Micro identified a malicious credit score application in a public forum.
The application, advertised by a user, urges Brazilians to check their credit score and criminal records. The interface gives Internet users the impression that the application is genuine.
However, the application contains a malicious function. When unsuspecting users download the application, a Trojan is downloaded onto their computer systems. The Trojan has been identified as TROJ_Banker.LEB.
The Trojan uses a graphical user interface to attract unwary individuals. It extracts confidential information from the affected computers and sends the collected information to remote servers.
Usually, credit scores are developed by credit bureaus and are used by banks and financial institutions to accept or reject a customer's credit application. They are also used to determine the credit limit on a credit card. The scores are based on past payment history, defaults and delinquencies, length of credit history, and types of credit availed by customers. The scores are also used by telecom companies and employers. As such, credit scores generate curiosity among users. Criminals cash in on this curiosity to deceive users and steal privileged information. Several other malicious applications have been created to trick users into believing the proposition and sharing confidential information. As Internet users learn to recognize old techniques such as lottery and prize offers and phishing e-mails, offenders are devising new, sophisticated mechanisms to defraud users. Attacks such as spear phishing are now more specific, making it difficult for users to doubt their authenticity. Such threats compromise the information security of the affected individuals.
In recent times, there has been an onslaught of financial malware such as Zeus, Bugat and their variants. Such malware is designed to extract specific information, such as online banking usernames and passwords, from the targeted computers. Employees of banks and financial institutions are the usual targets of financial malware. Banks and financial institutions must create security awareness among their employees and use ethical hacking to weed out vulnerabilities in the IT infrastructure.
Users must be wary of opening unsolicited e-mails, applications, files and PDF attachments. They must avoid clicking on suspicious links on websites and in e-mails. Information security professionals advise users to install and update anti-virus, anti-spyware and anti-malware solutions, and to scan their computers regularly for viruses and Trojans. Adherence to security advisories from software vendors and security firms may help Internet users secure their computers against sophisticated threats.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.