
SpyEye, a piece of malicious software that steals money from people’s online bank accounts, is now aimed at cracking security schemes that use text messaging to send confirmation codes to consumers so they can confirm transactions from their accounts, according to new research from security vendor Trusteer.

According to the researchers, the attack works like this:

The malware first attacks the login information of the consumer’s account and accesses the account without being detected by the bank or consumer.

Next, the attackers obtain the confirmation code originally used to activate the customer’s mobile phone number with the bank.

That’s done by injecting a phony page into the Web browser on the consumer’s phone which says a new security system is being implemented by the bank. All customers are being issued a unique telephone number, it says, and will receive a special SIM card in the mail.

However, to participate in the mandatory program, a consumer must register with the bank. Part of that registration process includes typing the original confirmation code into the webpage where, of course, the Black Hats can capture it.

Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address

Once the attackers change the cellphone number associated with the account, they can divert funds from the consumer’s accounts until the consumer logs in and sees the unauthorized withdrawals or expenditures.
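A bank-side check for the pattern described above (a change of the SMS number followed by a transfer), combined with the site-usage parameters mentioned earlier, could look like the following. This is an added example, not code from Trusteer or any bank; the event names, thresholds and sample sessions are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed thresholds; a real deployment would tune these per customer.
HOLD_WINDOW = timedelta(hours=24)   # watch period after an SMS number change
MIN_PAGES = 3                       # fewer page views before a transfer is unusual
MIN_SECONDS_TO_TRANSFER = 60        # a faster transfer after login is unusual

def review_session(events):
    """Return (timestamp, reasons) per flagged transfer; events are time-ordered."""
    findings = []
    login_at, phone_changed_at, pages = None, None, 0
    for ts, kind, detail in events:
        t = datetime.fromisoformat(ts)
        if kind == "login":
            login_at, pages = t, 0
        elif kind == "page_view":
            pages += 1
        elif kind == "phone_change":
            phone_changed_at = t   # remembered across later logins
        elif kind == "transfer":
            reasons = []
            if phone_changed_at and t - phone_changed_at <= HOLD_WINDOW:
                reasons.append("transfer soon after SMS number change")
            if pages < MIN_PAGES:
                reasons.append("few pages viewed")
            if login_at and (t - login_at).total_seconds() < MIN_SECONDS_TO_TRANSFER:
                reasons.append("transfer very soon after login")
            if reasons:
                findings.append((ts, reasons))
    return findings

# Constructed sample data: a normal session, then one matching the pattern.
NORMAL = [
    ("2011-10-03T09:00:00", "login", ""),
    ("2011-10-03T09:00:30", "page_view", "/accounts"),
    ("2011-10-03T09:01:10", "page_view", "/statements"),
    ("2011-10-03T09:02:00", "page_view", "/transfer"),
    ("2011-10-03T09:03:30", "transfer", "120.00"),
]
SUSPECT = [
    ("2011-10-05T02:10:00", "login", ""),
    ("2011-10-05T02:10:15", "page_view", "/settings/phone"),
    ("2011-10-05T02:10:25", "phone_change", ""),
    ("2011-10-05T02:10:50", "transfer", "4800.00"),
]

if __name__ == "__main__":
    for name, session in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, review_session(session))
```

Because the number change is remembered across logins, a transfer made in a later, otherwise ordinary-looking session inside the hold window is still flagged.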

“This latest SpyEye configuration demonstrates that out-of-band authentication systems, including SMS-based solutions, are not fool-proof,” the researchers concluded.

“The only way to defeat this new attack once a computer has been infected with SpyEye is using endpoint security that blocks MITB techniques,” they added. “Without a layered approach to security, even the most sophisticated OOBA schemes can be made irrelevant under the right circumstances.”