Panda Security Detects Malicious Trojan Being Used for Pharming Attacks on Apple's iPhone
[September 24, 2008]

GLENDALE, Calif., Sept. 24 /PRNewswire/ -- Panda Security, a leading provider of IT security solutions, today announced that PandaLabs, Panda Security's laboratory for detecting and analyzing malware, has determined that Banker.LKC Trojan, a Trojan purporting to be a video of the iPhone, is at the center of new pharming attacks to infect users with malware.



The aim of these pharming attacks is to steal confidential user information. The malicious payload of the Trojan can result in users being redirected to fraudulent web pages when they try to access their online bank. Victims of this attack could find that their bank details end up in the hands of cyber-crooks.

Pharming is a sophisticated version of phishing. It involves manipulating the DNS (Domain Name System) through the configuration of the TCP/IP protocol or the hosts file. DNS servers store the numeric address or IP address (e.g. 62.14.63.187) associated with each domain name or URL (e.g. www.mibanco.com). The result of the cyber-criminals' interference is that when a user enters the name of a Web page, the server redirects them to another number, i.e. another IP address hosting a fraudulent Web page designed to have the appearance of the original page.



In this case, the Banker.LKC Trojan is responsible for the manipulation of the DNS. This malicious code reaches systems under the name "VideoPhone[1]_exe". Once it is run, and in order to trick users, it opens a browser window displaying a website selling the iPhone (see image at: http://www.flickr.com/photos/panda_security/2884457259/).

While users are viewing this page, the Trojan modifies the hosts file, redirecting the URLs of banks and other companies to a false web page. This way, users trying to access these banks by typing in the address or accessing them from an Internet search will be redirected to the spoof page. Here they will be asked for confidential details (account number, transaction password, etc.), which will fall straight into the hands of cyber-crooks.

The manipulation of the hosts file does not cause any other suspicious effect on the computer. In fact, the entire fraud is carried out without arousing the suspicion of users, as all they need to do to become a victim is enter the address of the bank. This makes the attack even more dangerous.

"Cyber-crooks are obviously aiming to use the information they gather to empty users' accounts," explains Luis Corrons, Technical Director of PandaLabs. "The iPhone is used in this case as bait to attract users into running the file containing malicious code."

How to protect yourself against pharming
-- When you connect to a page on which confidential details are requested, make sure that the URL is the same as the one you typed and that there are no additional letters, numbers, etc.

-- Check the security certificate of the sites you visit. Any reliable e-commerce business will have security certification for its servers issued by a recognized security authority. There are several certification authorities, although Verisign is the most widely recognized.

-- Make sure you have effective, up-to-date antivirus protection, because, as is the case here, the DNS modification is often carried out with malicious code.

About PandaLabs
Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), which work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com/.

About Panda Security
Panda Security is one of the world's leading IT security providers, with millions of clients across more than 200 countries and products available in 23 languages. Its mission is to develop and provide global solutions to keep clients' IT resources free from the damage inflicted by viruses and other computer threats, at the lowest possible total cost of ownership.

Panda Security proposes a new security model, designed to offer a robust solution to the latest cyber-crime techniques. This is manifest in the performance of the company's technology and products, with detection ratios well above average market standards and most importantly, providing greater security for its clients. For more information and evaluation versions of all Panda Security solutions, visit our website at: http://www.pandasecurity.com/.

Panda Security

CONTACT: Bill Bourdon of Bateman Group, +1-415-602-1491, panda@bateman-group.com, for Panda Security

Web site: http://www.pandasecurity.com/
