New version of SilentBanker Trojan causes concern
Warnings have been made about an improvement to the SilentBanker Trojan.
According to Symantec researcher Liam O'Murchu, it has been improved to the extent that it is harder to detect and more effective at stealing data. Originally identified last year, the new version has a rootkit that makes finding infected files very difficult.
The rootkit ensures that when a user tries to search in the registry for files that indicate an infection, it is hidden from view as the Trojan intercepts the search request.
SilentBanker is particularly good at defeating two-factor authentication, which involves the user having a separate log-in token that is synchronised with the bank's server to augment a password. The Trojan subverts the two-factor transaction by intercepting communications before they are encrypted and forwarding them to the attacker, essentially making the security of two-factor authentication useless.
O'Murchu said: “Whenever a user tries to view any files on the computer, the Trojan intercepts that request and removes any reference to the Trojan's files, making the files invisible.
“The last version of SilentBanker targeted over 400 banks, some of which use two-factor authentication. The current version, as well as hiding itself, has added extra protection to its configuration files in order to make it more difficult to discover which sites are being targeted.”