Cyber crime new threats

In its Cybercrime Intelligence Report, anti-virus provider Finjan details how cyber-criminals are using Trojans, such as the URLzone bank Trojan, and new anti-fraud detection tactics to sidestep quick identification of the crime by both banking customers and the banks themselves. According to this report, cyber-criminals can buy an online crime toolkit, such as LuckySploit, for anywhere from $100 to $300. These kits contain exploit code and a management interface for injecting attack software into Web sites.

First, the crooks managed to either infect a legitimate Web site, or setup a fraudulent site to lure victims. Second, they must have presumably managed to sidestep any anti-virus that was installed. Third, bypass one-time-password authentication by making certain that the attacker has commandeered the browser session during a banking transaction. They then fake the statement presented to the consumer online. And, finally, craft transactions so that they avoid detection by the anti-fraud controls the bank may have in place. That sophistication reveals the level of motivation, and skill, banks and consumers are up against.

Information Week