RealTime IT News

Warning on Malicious Bot Hitting Banks

Has a malicious bot secretly infected over a million computers, and is it likely to spread to many times that? That's the contention of security firm iDefense, a Reston, VA-based company owned by VeriSign.

Metafisher, also known as Spy-Agent and PWS, is considered the most sophisticated of the bots focused on financial fraud, according to iDefense. With multiple variants, the bot (a self-running program) can be spread through numerous means, including an e-mail that prompts users to visit a Web site, whereupon it exploits a Windows security hole known as WMF, for Windows Metafile exploit.

Microsoft's electronic Windows Update software and various anti-virus firms have issued patches to protect against WMF exploits. But users who have not made those updates would be at risk.

The attacker uses encrypted FTP communications to control the bots. Although the identity of the attacker(s) is unknown, iDefense analysts said they broke the encryption and have been monitoring the threats for several weeks. The company said it's working to take down hostile sites used in the attack. At press time, details of the extent of that effort and whether there are plans to get government agencies involved could not be confirmed.

"MetaFisher uses HTML inject techniques to phish information from victims after they authenticate to a targeted bank account," Ken Dunham, director of iDefense's rapid response team, said in a statement. "This enables the attackers to steal legitimate TAN numbers, passwords, or other sensitive data required for fraud activities."

Dunham said Metafisher has targeted financial institutions in Spain, the United Kingdom, and Germany.