BleepingComputer.com > Bank & Credit Card Theft

Full Version: Bank & Credit Card Theft - Several New Threats

BleepingComputer.com > Security > AntiVirus, Firewall and Privacy Products and Protection Methods

harrywaldron

Jul 1 2004, 06:44 AM

Currently, there are numerous scams and privacy threats designed to compromise the privacy of bank and credit card information. Ultimately, as account information is emailed back, these malicious individuals most likely will commit fraud and steal available money.

Below are THREE new threats that are designed to steal credit cards, bank account information and logon/password information. It's important to "Think before you click" and as you evaluate email.

PWSteal.Refest
http://www.symantec.com/avcenter/venc/data...eal.refest.html

PWSteal.Refest is a Trojan Horse that installs itself as a BHO (Browser Helper Object) for Internet Explorer and steals online banking information when it is submitted in web forms. Over 50 bank URLs are examined as targets. This may be related to Panda's Bankhook.A description as well.

BankHook.A Trojan - uses IE exploit to capture bank account information
http://myitforum.techtarget.com/forums/tm.asp?m=67757

Padodor.W
http://www.f-secure.com/v-descs/padodorw.shtml

Padodor/Qukart was created by a Russian hacker group called HangUp Team. Padodor backdoor source code was used to create this variant, but the backdoor functionality was removed. Padodor/Qukart steals personal information including credit card numbers, logins and password that a user types and other sensitive data. The Padodor.w variant was found early on June 25th, 2004. The trojan's file is a PE executable 51712 bytes long. The trojan's file is encrypted and the decryption routine is polymorphic. Every time the trojan installs itself, it changes its decryptor, so its file will look different after every installation.

HTML/Phishbank.T.Trojan
http://www3.ca.com/securityadvisor/virusin...s.aspx?id=39480

Computer Associates have received reports of a new e-mail scam being widely distributed that attempts to compromise the recipient's system. Spammed e-mails masquerade themselves as coming from a bank. Messages pretending to be sent by the Bendigo Bank have been reported from Australian users.

The message reads:

QUOTE

Dear Bendigo Bank Customer!

As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts. You are requested to visit our site by following the link
given below. This is required for us to continue to offer you a safe and risk free environment to send and receive money online, and maintain the Bendigo Bank Experience. Be sure to enter both AccessID and PIN otherwise your account will be not verified and access to your account will be blocked

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.