Banking Trojan

Posted by Wurfel-Waffles - March 22nd, 2012


Banking Trojan - Hidden Transformers

What is a Trojan Horse?

Perhaps many of you who visit my posts have read and know the origin of the legendary, and perhaps true, tale of the fall of the city of Troy?

From Wikipedia: "In the canonical version, after a fruitless 10-year siege, the Greeks constructed a huge wooden horse, and hid a select force of men inside. The Greeks pretended to sail away, and the Trojans pulled the horse into their city as a victory trophy. That night the Greek force crept out of the horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greeks entered and destroyed the city of Troy, decisively ending the war."

Wait, what does computer science have to do with this old tale? Put it this way: the name has become a metaphor for any trick or stratagem that causes a target to invite a foe into a securely protected bastion or space. In software, it's malware embedded inside a safe-looking program. Fact is, it's a piece of shit.

Why does banking have anything to do with this?

Come on! Do you really think your money, or even everything you own, has nothing to do with this harmless-looking little malwa... I mean program? =P

Its job is to record, keylog and capture private info related to your banking details, and to cause as much mayhem as possible on your systems. Here's the shittier part: sophisticated banking malware infects all types of OS equally, so don't ever think Linux, BSD or OS X are safe havens for you forever.

So is this Trojan comparable to a Transformer?

Nope. Well, it's much worse than a comic-book 'Transformer', and it's nothing like the transformers in your electric socket either, duh!

'Why is it like that?' is a magical question. A Trojan horse, unlike a traditional worm or virus, does not replicate itself. Instead, its defensive goal is to stay hidden and 'ninja' around the Anti-Virus (AV) system as much as possible. Kill the guards, get the lambs. By 'ninja', I really mean making mayhem and toying with it.

As a senior security researcher myself, although cyber virology is my main field, I have encountered and even had hands-on access to the source code of one of the most powerful trojans ever. I tend to write my own version, think of it as a vaccine, for personal research.

What is the difference between a traditional trojan and a banking trojan?

The difference? You get nastier mayhem and more impressive infection methods from a banking trojan than from its original siblings.

Anatomy of a Banking Trojan:

1. Outer Contents - The disguise of the fake program: anti-virus, malware cleaner, instant messenger, etc., right up to illegal executables such as keygens, cracktros, patches and rippers.

2. Inner Contents -

- Sensors - Port scanner, pinger, netcat (or similar), socat (or similar), procedural MD5/hash cracker, packet sniffer.

- Infections - HTML injector, JavaScript, PHP, Perl, SQL, ActionScript (take this, mandog!)... drive-by download. The most famous attack ever, probably not really used for banking but for stealing emails: Operation Aurora, by the Chinese, via Google's systems and SQL drive-by attacks.

3. Where to?

- To system files, making various versions of itself - this is not replication, since it's pre-scripted rather than self-acting. It usually stays in assembly and registry keys.

- To RAM, fuck yeah. I have successfully found a way to inject temporary macros into RAM to make the AV go nuts. Perfect as hell.

- To BIOS.

- To your most precious places... private browser data, email, user info? Downloaded straight to the trojan's operator.

Now the worst part, Mayhem!

What could it cause? High CPU usage, RAM overload - stack overflow, buffer overflow, unlimited message boxes in unthinkable ways, BSoD (classic!), kernel panic (wait there, Linux jerks!), randomly playing music, downloading more trojans, blocking your internet and... making you part of a botnet for future infections.

Most used and dangerous trojans:

Zeus kits - capable of p2p and bandwidth infection; Zeus holds the position of top banking exploit/trojan kit ever. Originally made by Russians, it was licensed for over $3000 per month to scammers, spammers and phishers. But now it has been made freely available. Open source really has its dark side...

Blackhole Exploit Kit - Made in Russia. Licensed for over $1000, but now freely available. Holds first position for most mayhem caused and second position for most dangerous banking trojan.

Koobface - Not really a banking trojan in general; however, it spreads on Facebook systems. Creators arrested. Still in use.

SpyEye - licensed for $2300 on darknets. Uses the power of dorks and queries to find vulnerable sites to inject itself into. My harmless dork bots were written based on it. I'm not a copycat at all; in fact I just used the concepts to take advantage of Google/Bing dorks. Like I said, for personal research.

Torpig, Crimeware, Clampi, URLZone...

Prevention?

No porn shit, especially xxx domains; avoid illegal content at all costs. No shit like 'hacker' tools by Anonymous or LulzSec; use them at your own risk.

Why not help me remove it?

I'm heartless, bro. I tend to be a pro-mayhem maker rather than a nice little tech guy trying to help others. I only helped you by writing this post, publicly.

Good day. Another white paper, maybe?

