Hackers use Trojan to target bank customers

22.03.2006
Hackers have been quietly infecting hundreds of thousands of computers worldwide with a particularly sophisticated Trojan horse program designed to steal bank account information and other sensitive data from compromised systems, according to security researchers.

The attacks have been going on for several weeks and appear for the moment to be largely targeted at customers of several large banks in the United Kingdom, Spain and Germany, the researchers added.

"This is one of those big, under-the-radar threats that we've been concerned about" for some time said Ken Dunham, director of the rapid response team at VerSign Inc.'s iDefense unit. "There has been a trend away from big-bang attacks to very targeted and sophisticated attacks that take place right under your nose. This is one of them."

According to Dunham, hackers have been sending out hundreds of thousands of e-mails prompting users in those three countries to visit malicious Web sites that use a Windows Metafile (WMF) exploit to download a Trojan program called MetaFisher on a victim's computer.

The Trojan, which is also known as Spy-Agent and PWS, is then used to collect and send bank account and personal information from the compromised system to remote servers where the data is harvested.

What sets MetaFisher apart from the hundreds of other similar Trojan programs is the sophistication of the command-and-control servers used to control it, said Eric Sites, vice president of research and development at Sunbelt Software Inc. in Clearwater, Fla.