Evil Spyware Pop-Up Ad

[Phantasm66]

Security researchers have discovered a malicious program that installs itself through a pop-up ad and can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites.

Security experts at the Internet Storm Center have studied the "img1big.gif" trojan file, and have discovered it to target a long list of banks and attempted to steal the account information of those institutions' customers.

More here.

 

[poertner_1274]

Wow, so this is one that can log 'REAL' bank sites. That's not good. At fist read I thought it was just the fake ones you get emails about all the time.
Better be extra careful out there...

 

[jshields13]

Interesting. I would think that if one has a pop up blocker that this would not be a problem.

 

[poertner_1274]

It depends on what kind of trojan it is. If it sees www.usbank.com or something of the sorts, it could enable the keylogger and log the username and password. Doesn't necessarily have to be a pop up for it to work.

 

[Mictlantecuhtli]

It monitors the following sites:

.commbank.com.au
.citibank.com
.stgeorge.com.au
.bendigobank.com.au
.anz.com
national.com.au
westpac.com.au
.hsbc.com.au
barclays.co.uk
lloydstsb.co.uk
citibank.com.au
.online_banking.standardchartered.com.hk
www.ebank.iba.com.hk
www.dahsing.com
www.citibank.com.hk
.hsbc.com.hk
.deutsche_bank.de
.citibank.de
.sparkasse_banking.de
banking.lbbw.de
dit_online.de
.dab_bank.com
www1.bmo.com
www.scotiaonline.scotiabank.com
cibconline.cibc.com
www1.royalbank.com
easyweb.tdcanadatrust.com
suncorpmetway.com.au
cd.citibank.co.ae
ebank.uae.hsbc.com
banknetpower.net
nbd.ae
online_banking.standardchartered.ae
standardchartered.com
www.cbdonline.ae
www.arabi_online.com
banking.mashreqbank.com
www.unb.com
online.nbad.com
pbg1.edc.citiaccess.com
www.privatebank.citibank.com.sg
ekocbank.kocbank.com.tr
internetsube.akbank.com.tr
hercules.pamukbank.com.tr
www.alahlionline.com
www.samba.com
www.almubasher.com.sa
www.sabbnet.com
.e_gold.com