By Kim Zetter
September 30, 2009
New malware being used by cybercrooks does more than let hackers loot a
bank account; it hides evidence of a victim's dwindling balance by
rewriting online bank statements on the fly, according to a new report.
The sophisticated hack uses a Trojan horse program installed on the
victim's machine that alters html coding before it's displayed in the
user's browser, to either erase evidence of a money transfer transaction
entirely from a bank statement, or alter the amount of money transfers
The ruse buys the crooks time before a victim discovers the fraud,
though won't work if a victim uses an uninfected machine to check his or
her bank balance.
The novel technique was employed in August by a gang who targeted
customers of leading German banks and stole Euro 300,000 in three weeks,
according to Yuval Ben-Itzhak, chief technology officer of computer
security firm Finjan.
"The Trojan is hooked into your browser and dynamically modifies the
text in the html," Ben-Itzhak says. "It's a very sophisticated
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News