[ISN] Trojan attacks credit cards of 15 US banks

From: InfoSec News <alerts_at_private>
Date: Thu, 15 Jul 2010 03:08:05 -0500 (CDT)
http://news.techworld.com/security/3232010/trojan-attacks-credit-cards-of-15-us-banks/

By John E Dunn 
Techworld
14 July 10

The Zeus/Zbot banking Trojan is reported to be attacking the Verified by 
Visa and MasterCard SecureCode verification systems introduced in recent 
years to stop old-style card not present (CNP) fraud.

Security company Trusteer, which has carved out a speciality in 
reporting on Zeus/Zbot bank Trojan activity, does not say where and how 
it encountered the latest attack, but reports that the it is aimed at 
customers of 15 unnamed US banks.

Exploiting a man-in-the-middle browser attack when it encounters a 
desired bank login on an infected PC, the malware intercepts and spoofs 
the enrollment process through which credit card users are signed up for 
the first time by both major issuers, Mastercard and Visa, throwing 
users a convincing screen.

This captures a range of sensitive information that could be used to 
carry out CNP fraud, including social security and card numbers, and PIN 
or card verification codes. This data is sent in real time to a server 
run by the attackers.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Thu Jul 15 2010 - 01:08:05 PDT

This archive was generated by hypermail 2.2.0 : Thu Jul 15 2010 - 01:17:51 PDT