Skip to main content

New Trojan threatens Internet banking authentication systems

Tier-3 says that a new Trojan, spotted in various forms by Symantec in recent weeks, now poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers.

"Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone," said Geoff Sweeney, CTO of Tier-3

"This new Trojan, Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man- in-the-middle type attack during an e-banking session. This effectively counters the protection afforded users by the two-factor authentication technology," he added.

The good news, says Sweeney, is that provided users keep their IT security software up to date, the software should spot the Trojan as it attempts to infect the users' PC.

"The danger is that hackers will develop several variations on a theme with this and other Trojans, generating the Trojan equivalent of a series of zero-day attacks. At that point, the efficacy of conventional security software starts to wane," he explained.

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.