Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advance of Bank Trojan Nov 2005. 2 – 2002 Symantec Corporation, All Rights Reserved Current threat from Bank Trojans Steals online banking information;

Published byRolando Mulnix Modified over 10 years ago

Similar presentations

Presentation on theme: "Advance of Bank Trojan Nov 2005. 2 – 2002 Symantec Corporation, All Rights Reserved Current threat from Bank Trojans Steals online banking information;"— Presentation transcript:

1 Advance of Bank Trojan Nov 2005

2 2 – 2002 Symantec Corporation, All Rights Reserved Current threat from Bank Trojans Steals online banking information; typically usernames and passwords. PWSteal.JGinko targets Japanese banks. (Trojan- Spy.Win32.Banker.vt [Kaspersky Lab], PWS-Jginko [McAfee], TSPY_BANCOS.ANM [Trend Micro]) These Trojans work closely and actively with Internet Explorer.

3 3 – 2002 Symantec Corporation, All Rights Reserved Submission increase Symantec gets almost 2 million submissions per year. The rate of submissions is increasing. Are Bank Trojan submissions increasing?

4 4 – 2002 Symantec Corporation, All Rights Reserved PWSteal.Bancos submissions Why have submissions decreased?

5 5 – 2002 Symantec Corporation, All Rights Reserved Bancos submissions vs Total Symantec submissions.

6 6 – 2002 Symantec Corporation, All Rights Reserved How samples are collected User submissions Honey pot Web site routine patrol(Adware, Spyware) Brightmail BBS

7 7 – 2002 Symantec Corporation, All Rights Reserved Japanese Banks VS Bank Trojan PWSteal.Bancos originally targeted Brazilian Banks. Then, support was added for German and English Banks. PWSteal.Jginko targets only Japanese Banks. PWSteal.Jginko monitors 27 domains. PWSteal.Bancos.T monitors 2746 domains.

8 8 – 2002 Symantec Corporation, All Rights Reserved PWSteal.Jginko domains resonabank.anser.or.jp, btm.co.jp, ebank.co.jp japannetbank.co.jp, smbc.co.jp, yu-cho.japanpost.jp ufjbank.co.jp, mizuhobank.co.jp shinseibank.co.jp, iy-bank.co.jp shinkinbanking.com, shinkin-webfb-hokkaido.jp shinkin-webfb.jp And more, more, more

9 9 – 2002 Symantec Corporation, All Rights Reserved Other Bank Trojans also target rural banks 82bank.co.jp, akita-bank.co.jp all.rokin.or.jp, toyotrustbank.co.jp hyakugo.co.jp, chibabank.co.jp fukuibank.co.jp, gunmabank.co.jp hirogin.co.jp, hokugin.co.jp joyobank.co.jp, nishigin.co.jp And more, more, more

10 10 – 2002 Symantec Corporation, All Rights Reserved Security measures taken by Japanese Banks recently Software Keyboard Strong password requirements Challenge and response with one-time encryption key Prevent phishing mail Login restricted by IP address SSL

11 11 – 2002 Symantec Corporation, All Rights Reserved Advantage of Trojan over KeyLogger These Trojans are not KeyLogger.Trojans Stealth techniques can be used Intercepts transaction information Silent download Silent update

12 12 – 2002 Symantec Corporation, All Rights Reserved Bank Trojans are not KeyLogger.Trojan Old KeyLoggers log key strokes and send logged data. Difficult to know which application the user was using Logs user error (passeo[Back Space][Back Space]word ) Difficult to know when the user changes to a different input field

13 13 – 2002 Symantec Corporation, All Rights Reserved Stealth techniques used by Bank Trojans Works with Internet Explorer. Firewall does not stop HTTP transaction of Internet Explorer. (BHO, Inject, layered service provider) Injects itself into other process Rootkit may hide files or protect them from security application Hide packet traffic from system to avoid detection

14 14 – 2002 Symantec Corporation, All Rights Reserved Intercept transaction These Trojans can hook specific procedure calls These Trojans can inject itself into an application HTTPS is not secure if the data is intercepted before and after it is encrypted

15 15 – 2002 Symantec Corporation, All Rights Reserved Silent download/ Silent update techniques Trojans may close Alerts from Windows Firewall Delete Zone.Identifier settings Add itself to Authorized Applications list, bypassing the firewall

16 16 – 2002 Symantec Corporation, All Rights Reserved Technique: Key Logging

17 17 – 2002 Symantec Corporation, All Rights Reserved Technique: Key Logging(2)

18 18 – 2002 Symantec Corporation, All Rights Reserved Technique: Inject Taskmanager can enumerate process DLLs are never enumerated by taskmanager. If IEXPLORE.EXE calls loadlibrary? VirtualAllocEx WriteProcessMemory GetProcAddress CreateRemoteThread

19 19 – 2002 Symantec Corporation, All Rights Reserved Technique: BHO A Browser helper object is an additional software component that is loaded when Internet Explorer starts. When a BHO sends a data, It looks like the data is sent by Internet Explorer. The BHO cant be seen with Task manager.

20 20 – 2002 Symantec Corporation, All Rights Reserved Loading BHO How Internet Explorer loads and initializes helper objects.

21 21 – 2002 Symantec Corporation, All Rights Reserved Technique: BHO (2)

22 22 – 2002 Symantec Corporation, All Rights Reserved Technique: Intercept transaction

23 23 – 2002 Symantec Corporation, All Rights Reserved Secure Socket Layer is secure? Secure Not Secure Pickup data Encrypt data

24 24 – 2002 Symantec Corporation, All Rights Reserved Technique: Intercept transaction (2)

25 25 – 2002 Symantec Corporation, All Rights Reserved Technique: Intercept transaction (3)

26 26 – 2002 Symantec Corporation, All Rights Reserved Technique: Intercept transaction (4)

27 27 – 2002 Symantec Corporation, All Rights Reserved Technique: Intercept transaction (5) DWebBrowserEvents2, IHTMLDocument2 Onmouseover User push A or A filled to field. Onsubmit

28 28 – 2002 Symantec Corporation, All Rights Reserved Technique: Silent download

29 29 – 2002 Symantec Corporation, All Rights Reserved Technique: Silent update

30 30 – 2002 Symantec Corporation, All Rights Reserved Technique: Silent update (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl Set\Services\SharedAccess\Parameters\FirewallPoli cy\StandardProfile\AuthorizedApplications\List Value: ":*:Enabled:"

31 31 – 2002 Symantec Corporation, All Rights Reserved Steal password

32 32 – 2002 Symantec Corporation, All Rights Reserved Challenge and response Send user name Answer Challenge Answer random Challenge Send one-time password Accepted Calculate one-time password by Challenge and send it Answer fake error page Transfer money

33 Thank You! Hiroshi Shinotsuka Hiroshi_Shintosuka@symantec.com

Download ppt "Advance of Bank Trojan Nov 2005. 2 – 2002 Symantec Corporation, All Rights Reserved Current threat from Bank Trojans Steals online banking information;"

Similar presentations

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
Follow the instruction to install the PC Suite from the SD card: 1.Go to the settings -> SD Card & phone storage -> Enable the mass storage only mode 2.Connect.

Follow the instruction to install the PC Suite from the SD card: 1.Go to the settings -> SD Card & phone storage -> Enable the mass storage only mode 2.Connect.
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Copyright © 2003 Pearson Education, Inc. Slide 9-1.

Copyright © 2003 Pearson Education, Inc. Slide 9-1.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.

1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.

Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Year 6 mental test 5 second questions

Year 6 mental test 5 second questions
Year 6 mental test 10 second questions

Year 6 mental test 10 second questions

Similar presentations

Ads by Google