Sophisticated malware mutates to bypass security protection, warns Trusteer
A new banking Trojan infecting PCs with a man-in-the-browser attack is extremely sophisticated and comes with "a full bag of tricks," security company Trusteer is warning.
The Tilon Trojan is able to inject itself into an "impressive list of browsers" including Internet Explorer, Firefox and Chrome, the company said. Amit Klein, Trusteer's chief technology officer, said Tilon manages to evade detection by most security software.
The victim is infected by either visiting a website that has been compromised by the criminals or via email campaigns, which entice them to infected pages. They do not have to click on anything as Tilon automatically starts to download.
It is targeting UK and European banks and will control the traffic between the browser and banking website, collecting passwords, personal details and account numbers before sending these to the command and control servers used by the criminals.
Trusteer said one of the most impressive aspects of Tilon is the breadth of evasion techniques it employs to avoid detection and scrutiny and to survive "attacks" by security products.
"Some of the evasion techniques we are aware of include Tilon installing itself as a service with a genuine-looking name. We have also seen it start a watchdog thread that monitors its service entry in the registry and its executable file on disk.
"If these are tampered with, Tilon restores them within three seconds. This mechanism resists removal by many security products," the company said.
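The restore-within-three-seconds behaviour described above leaves a trace a defender can hunt for: a service registry key or executable that is deleted and then recreated almost immediately by a different process. The following is an added example, not code from Trusteer or the original article; the event format, process names and paths are constructed, and requiring a different restoring process is an assumption made to reduce false positives.

```python
from datetime import datetime, timedelta

RESTORE_WINDOW = timedelta(seconds=3)  # restore interval reported for Tilon

# Constructed events in a hypothetical "time|action|object|process" format.
SAMPLE_EVENTS = r"""
2012-08-01T10:00:00.000|DELETE|HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc|cleanup_tool.exe
2012-08-01T10:00:02.100|CREATE|hklm\system\CurrentControlSet\Services\ExampleSvc|example_svc.exe
2012-08-01T10:00:05.000|DELETE|C:\ProgramData\example_svc.exe|cleanup_tool.exe
2012-08-01T10:00:07.500|CREATE|C:\ProgramData\example_svc.exe|host_proc.exe
2012-08-01T10:05:00.000|DELETE|C:\Temp\report.tmp|editor.exe
2012-08-01T10:05:45.000|CREATE|C:\Temp\report.tmp|other.exe
2012-08-01T10:06:00.000|DELETE|C:\Temp\cache.dat|updater.exe
2012-08-01T10:06:00.500|CREATE|C:\Temp\cache.dat|updater.exe
"""

def parse_events(text):
    """Yield (timestamp, action, object, process) from non-empty lines."""
    for line in text.strip().splitlines():
        ts, action, obj, proc = line.strip().split("|")
        yield datetime.fromisoformat(ts), action.upper(), obj, proc

def find_self_healing(text, window=RESTORE_WINDOW):
    """Flag objects recreated within `window` of deletion by another process."""
    pending = {}   # normalized object -> (delete time, deleting process)
    findings = []
    for ts, action, obj, proc in sorted(parse_events(text)):
        key = obj.lower()  # Windows paths and registry keys are case-insensitive
        if action == "DELETE":
            pending[key] = (ts, proc)
        elif action == "CREATE" and key in pending:
            deleted_at, deleter = pending.pop(key)
            delay = ts - deleted_at
            # Same-process delete/recreate is normal (e.g. atomic rewrite): skip.
            if delay <= window and proc.lower() != deleter.lower():
                findings.append((obj, proc, delay.total_seconds()))
    return findings

if __name__ == "__main__":
    for obj, proc, delay in find_self_healing(SAMPLE_EVENTS):
        print(f"restored after {delay:.1f}s by {proc}: {obj}")
```

A single hit can be benign; the same object being restored repeatedly after each removal attempt is the stronger signal.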