In a recent blog post, RSA FraudAction cybercrime communications specialist Mor Ahuvia warned that a "Trojan attack spree" targeting 30 U.S. banks is being planned.
"Based on an analysis of 'underground chatter,' researchers have determined that a Russian-speaking cyber gang is preparing to launch a large-scale attack in which fraudsters will infect victims' computers -- mostly belonging to home users -- with a Trojan similar to Gozi, enabling the swindlers to initiate unauthorized wire transfers on their behalf by hijacking live banking sessions," writes SC Magazine's Dan Kaplan.
"Unlike the original Gozi, the new version is capable not only of communicating with a central command-and-control server but also of duplicating the victim's PC settings," writes PCWorld's Jaikumar Vijayan. "The Trojan essentially supports a virtual machine cloning feature that can duplicate the infected PC's screen resolutions, cookies, time zone, browser type and version and other settings. That [allows] the attacker to access a victim's bank website using a computer that appears to have the infected PC's real IP address and other settings, Ahuvia said."
"Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters," Ahuvia writes. "RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date."
"RSA wasn’t specific about where it got its intelligence, but the report’s findings appear tied to a series of communications posted to exclusive Underweb forums by a Russian hacker who uses the nickname 'vorVzakone,' which translates to 'thief in law,'" writes Krebs on Security's Brian Krebs. "This is an expression in Russia and Eastern Europe that refers to an entire subculture of elite criminal gangs that operate beyond the reach of traditional law enforcement. The term is sometimes also used to refer to a single criminal kingpin."