by Constantine von Hoffman

Malware Hijacks Banks' Live Chat Sessions To Steal Info

Mar 02, 2012 | 3 mins
Cybercrime, Data and Information Security, Malware

Also in the news: U.S. sponsors contest to prove it can use Twitter to track fugitives and Mozilla lets users see which advertisers are tracking them

Malware hijacks banks’ live chat sessions: The attacks, carried out using the Shylock malware platform, attempt to get bank customers to hand over login info or to authorize fraudulent transactions. The attacks use a browser-based man-in-the-middle approach when users try to log in to their online banking application. As The Register reports:

Sessions are suspended, supposedly to run security checks (on the pretext that the “system couldn’t identify your PC”), before a web-chat screen under the control of hackers is presented to victims. But instead of talking to a customer service rep, the mark is actually chatting to cybercrooks, who will attempt to hoodwink victims into handing over login credentials or other information needed to authorise fraudulent transactions. Unbeknownst to the victims, the fraudsters are relaying authorisation data to the victim’s bank during their conversation, carrying out a concurrent fraud in real time.

The malware is called Shylock not because it targets financial transactions but “because every new build bundles random excerpts from Shakespeare’s The Merchant of Venice in its binary.”

Arrests expose IDs of alleged Anonymous hackers: Interpol arrested 25 suspected members of the hacking collective Anonymous in Argentina, Chile, Colombia and Spain. At least some of those arrested are suspects in cyber attacks on Colombia’s defense ministry and presidency and Chile’s Endesa electricity company and national library. Interpol said that it began looking for the hackers as part of “Operation Unmask,” an initiative that launched in mid-February in the wake of those attacks. After the arrests Interpol’s public website was taken down and hackers claimed responsibility.

U.S. sponsors contest to prove it can use Twitter to track fugitives: The State Department is launching a contest to see if it can crowd-source finding people wanted by authorities. The Tag Challenge, which starts at the end of the month, asks participants to find and photograph five fictitious suspects in five different cities in the U.S. and Europe. The first person or team to submit photos of all five will win $5000. According to organizers, the “goal is to determine whether and how social media can be used to accomplish a realistic, time-sensitive, international law enforcement goal. Results, strategies, and any data derived from the event will be made public after its conclusion.”

Mozilla lets consumers track advertisers who track them: A new add-on for Firefox lets users see where and how they are being tracked by advertisers. The program is called Collusion and, according to Mozilla CEO Gary Kovacs, it “will allow us to pull back the curtain and provide users with more information about the growing role of third parties, how data drives most Web experiences, and ultimately how little control we have over that experience and our loss of data.”