The Trojan malware arms race

Geekdinner with Dr. Richard Clayton

So after the London Geekdinner with Doctor Richard Clayton from Cambridge University (you can watch the videos here 1, 2, 3, Q&A, or listen to the audio in total here), I had a little wander around the net to see what I've been missing out on since I moved to GNU/Linux.

And as expected, the battle over adware, spyware and trojans has grown into something extremely serious. A friend at work keeps talking about the problems she has with her Windows machine. The things she describes sound like trojan activity, but I can never be sure, so I'm not quite at the point of telling her to reinstall Windows fresh again. (We actually rebuilt her machine over the Christmas period already, because things were so bad she couldn't log in.) However, after hearing about this banking trojan on Security Now recently, I'm reconsidering my advice.

Not only does Trojan.Silentbanker steal your passwords, but it can perform a man-in-the-middle attack on SSL connections, rendering the secure nature of SSL totally useless. It can also modify HTTP and HTML, meaning that when you log into your bank and try to pay your bills, it will replace your bill details with ones the trojan chooses. Yes, clicking that button to transfer funds looks legitimate, but the money will go to an offshore bank you've never heard of. It can steal cookies, certificates, cache passwords and change your DNS settings on the fly. So type in your bank's URL and the browser gets sent to a site which looks like the bank's site but actually it's not. To finish off, it automatically updates itself and for some reason can install a MIDI driver which screws around with your sound. Maybe to play the sound “kuchhing” when you finish that hijacked transaction?


Author: Ianforrester

Senior firestarter at BBC R&D, emergent technology expert and serial social geek event organiser.