New Trojan menaces Aust online bank users
According to St. George Bank, AusCERT and the Australian High Tech Crime Centre (AHTCC) are helping local financial institutions track down the origins of a new Trojan that's helping online criminals defraud consumers of their savings.
During the past 24 hours, St. George has prominently displayed a warning on its online banking Web site, urging customers to take special care when using the service.
The message was posted after a number of customers reported seeing a suspicious pop-up window in their Web browsers as they attempted to access the bank's Internet banking site.
"In the past day, a small number of St. George customers have advised that they have received a pop-up window, which is not a part of their normal St. George Internet banking activity," said a spokesperson for the bank yesterday.
According to St. George, the pop-up window contained instruction for customers to enter their credit card details and personal identification number.
Computer security companies that ZDNet Australia spoke to late yesterday were unable to positively identify the Trojan from the bank's description of its behaviour, but it's now understood to be the same viral code that has been wreaking havoc with banks across the world over the last 24 hours.
And Australian banks are at the top of its hit list according to a detailed security bulletin concerning the Trojan released by U.S.-based Internet Storm Center.
According to the Internet Storm Center report, all of Australia's major banks were targeted by the trojan's author and, perhaps more disturbingly, placed highest in its data list of bank URLs to monitor. Appearing in order they were the Commonwealth Bank, St.George, Bendigo Bank, ANZ, National Australia Bank, Westpac, HSBC and Citibank Australia.
The Trojan's appearance is linked to a security notice issued by Microsoft last week concerning a security weakness in some configurations of Windows 2000 servers.
The security weakness, affecting Microsoft Windows 2000 servers running IIS version 5.0, allows malicious hackers to seed Web sites with pages containing insidiously designed JavaScript. The script exploits flaws in Microsoft Internet Explorer, forcing the browser to download the Trojan from a remote computer.
According to reports, the remote-access Trojans (RAT) could capture keystrokes necessary to log into secure sites and relay it to a third party, including online banking information.
Other Australian banks contacted for this story late yesterday were unable to respond in time for publication.