Security Experts Caution Users against New Banking Trojan

Recently, Internet security firm Symantec identified a new component-based banking Trojan.
 
March 9, 2011 - PRLog -- Over the last few years, the finance and banking industry has been tackling a range of sophisticated financial malware, including Zeus, Bugat, and the more recent Zitmo Trojan and their variants. Usually, banking Trojans are designed to extract authentication information transmitted between a user’s browser and a bank server. Recently, Internet security firm Symantec identified a new component-based banking Trojan. Security researchers have named it Trojan.Tatanarg. The Trojan installs several components on the targeted computer, and these components perform multiple functions. Tatanarg not only disrupts the anti-virus solutions installed on the computer, but also eliminates other malware such as the Zeus Trojan. The Trojan can alter HTML in the browser and insert additional fields on a web page.

One of Tatanarg's features is the ability to hijack cryptographic protocol connections such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) between the user's browser and the bank server and act as a proxy. According to the company, Tatanarg uses the information disseminated from the bank to encrypt outbound traffic and nullifies the certificate validation process by creating a dubious certificate on the user’s browser side of the connection. The Trojan gives users the impression that they are conducting banking transactions over a secure connection, because they still see https in the URL as well as the padlock icon.

The Trojan extracts the authentication information submitted by unsuspecting users. Tatanarg also enables a remote attacker to control the compromised computer. A remote attacker may issue arbitrary commands to restart the affected computer, purge the browser cookies and terminate active programs and processes.

The extracted authentication information may be used by cybercriminals to steal funds from a user’s online banking account and conduct unauthorized transactions. The collected information may also be sold to their peers in the underground crime market. User awareness is crucial to combat the manifold threats from cyber fraudsters. Online computer degree programs and online tutorials may enable Internet users to acquaint themselves with different types of Internet threats and adopt safe computing practices. Users must refrain from downloading malicious attachments and clicking on suspicious links. They must also regularly update their security software to add the latest anti-virus signatures. Adherence to security advisories and software updates is vital to preventing breaches of computer systems and protecting confidential information.

Information security is crucial to create trust among bank customers and ensure business continuity. Hiring professionals with IT master's degrees and other security certifications may help banks secure their computer networks.

Internet security firms are under constant pressure to deal with the evolving sophisticated threats from cyber-attackers. Online technology degree programs may enable security professionals to learn new techniques and skills that would help them to combat the latest threats and secure the IT infrastructure.

Cybercriminals are expected to evolve more advanced techniques to defraud individuals and corporates. Security firms and software developers must continue to invest in research and develop new technologies to enhance Internet security.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).
Tags: Banking, Trojan, Bank, Security, Zeus Trojan, Tatanarg
Industry: Internet, Security
Location: Albuquerque - New Mexico - United States
Page Updated Last on: Mar 09, 2011