Security firm F-Secure has discovered a password-stealing trojan targeting Commonwealth Bank users -- and the malware isn't being detected by the free antivirus software the bank is offering its online users.
The trojan, known as "Banker", alters the content of victims' Commonwealth Bank international money transfer login page by overlaying two false fields designed to capture the user's passwords.
Commbank announced this week that it will be offering a free version of CA's Internet Security Suite 2008 to a selection of its customers in an effort to address security concerns around online banking.
According to VirusTotal, an independent antivirus testing tool, CA's Internet Security Suite is one of 10 antivirus engines that fail to detect the trojan, Trojan-Spy.Win32.Banker.ffo.
Spot the difference between a clean (left) and infected (right) view of the login page.
The trojan has been traced back to a server in Hong Kong, which has since been taken down, F-Secure's security response manager Patrik Runald told ZDNet Australia.
The Banker trojan is more sophisticated than phishing scams which attempt to dupe Internet banking customers into visiting a fake Web page and submitting their passwords, said Runald.
Banks advise Internet banking customers on the correct procedures to avoid falling prey to phishing scams that use fake Web sites to trick users into submitting their login details; the Banker trojan, however, defeats these precautionary steps because it modifies the genuine page.
"Banks have warned customers to avoid clicking on links and instead to manually enter the bank's URL or to use a bookmark to access the page. In this instance, the padlock symbol in the browser -- which indicates the session is encrypted -- will still appear. And there's no certificate warning that you would see on phishing sites. Basically there are no telltale signs that this is bad and the user hasn't done anything wrong," said Runald.
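Because the padlock and certificate checks cannot reveal a form that has been altered inside the browser, one defensive signal that remains is the form itself: a login page has a known, small set of fields, and extra credential-capturing inputs are exactly what a web-inject adds. The following is an added example, not code from the article, F-Secure or the bank, of a form-integrity check that a bank's page or a monitoring tool could run over the rendered markup. The field allowlist, the HTML fragments and the field names (`clientNumber`, `password2`, `securityCode`) are all constructed for illustration and do not describe the Commonwealth Bank's real login page.

```javascript
// Constructed sample of a clean login form (illustrative markup, not the bank's).
const CLEAN_LOGIN_HTML = `
<form id="login" action="/login" method="post">
  <input type="text" name="clientNumber">
  <input type="password" name="password">
  <input type="hidden" name="csrfToken" value="abc">
  <input type="submit" value="Log on">
</form>`;

// Constructed sample of the same form after an in-browser modification of the
// kind the article describes: two extra password-type fields overlaid on it.
const INJECTED_LOGIN_HTML = `
<form id="login" action="/login" method="post">
  <input type="text" name="clientNumber">
  <input type="password" name="password">
  <input type="password" name="password2" placeholder="Confirm password">
  <input type="password" name="securityCode" placeholder="Security code">
  <input type="hidden" name="csrfToken" value="abc">
  <input type="submit" value="Log on">
</form>`;

// Hypothetical allowlist the site owner publishes for its login form:
// every legitimate field name mapped to the input type it must have.
const EXPECTED_LOGIN_FIELDS = new Map([
  ["clientNumber", "text"],
  ["password", "password"],
  ["csrfToken", "hidden"],
]);

// Minimal extractor for <input ...> tags. Returns one {name, type} record per
// tag; unquoted, single-quoted and double-quoted attribute values are handled.
function extractInputs(html) {
  const tagRe = /<input\b([^>]*)>/gi;
  const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  const inputs = [];
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    attrRe.lastIndex = 0; // reset the shared regex for each tag's attribute string
    let attr;
    while ((attr = attrRe.exec(tag[1])) !== null) {
      attrs[attr[1].toLowerCase()] = attr[2] ?? attr[3] ?? attr[4] ?? "";
    }
    inputs.push({
      name: attrs.name ?? null,
      type: (attrs.type ?? "text").toLowerCase(), // HTML defaults to type="text"
    });
  }
  return inputs;
}

// Compare the rendered inputs with the allowlist. Submit buttons carry no user
// data and are ignored. Returns the suspicious fields with a reason each; an
// empty array means the form matches what the site expects.
function findInjectedFields(html, expected = EXPECTED_LOGIN_FIELDS) {
  const findings = [];
  for (const field of extractInputs(html)) {
    if (field.type === "submit") continue;
    const expectedType = expected.get(field.name);
    if (expectedType === undefined) {
      findings.push({ ...field, reason: "field not in allowlist" });
    } else if (expectedType !== field.type) {
      findings.push({ ...field, reason: `type changed from ${expectedType}` });
    }
  }
  return findings;
}

// A coarser signal that needs no allowlist at all: a login form that suddenly
// asks for more than one secret. This is the telltale the padlock cannot give.
function countPasswordFields(html) {
  return extractInputs(html).filter((f) => f.type === "password").length;
}

// Stand-alone demonstration: the clean form yields no findings, the modified
// form yields the two injected password fields.
console.log("clean:", findInjectedFields(CLEAN_LOGIN_HTML));
console.log("injected:", findInjectedFields(INJECTED_LOGIN_HTML));
console.log("password fields:", countPasswordFields(CLEAN_LOGIN_HTML), "vs", countPasswordFields(INJECTED_LOGIN_HTML));
```

In practice a check like this is most useful as telemetry rather than as a blocker: reporting the unexpected field names back to the bank's fraud team tells them which customers are affected and what the injected fields look like, which is information neither the customer nor the browser's security indicators can provide.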
The Commonwealth Bank was the only Australian bank singled out by the trojan. Spanish, German, Portuguese, Greek and Italian banks were also on the hit list, said Runald.
Although this particular threat is "not that big", Runald said Banker trojans are detected on a daily basis.
"This is just one of many. But this is a new type of threat that people need to look out for. Traditional phishing, which uses a fake Web site, is still there but I don't expect to see it increase. We're moving towards this new way of stealing people's information," said Runald.