1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

New Banking Trojan Caught Breaking Captcha

Discussion in 'Security Updates' started by snoopy, Jan 30, 2012.

  1. snoopy

    snoopy Registered Members

    Joined:
    Aug 1, 2010
    Messages:
    1,671
    Location:
    At my computer
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    custom built -
    Monday, January 30, 2012
    New Banking Trojan Caught Breaking CAPTCHA

    A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog

    See Video here: https://threatpost.com/en_us?utm_source=Threatpost&utm_medium=Primary%20Navigation&utm_campaign=Home

    Once downloaded to the machine, Cridex, a data-stealing Trojan, will track content from various web forms. Cridex also downloads a ‘spamming module’ to the infected machine that enables the botmaster to send malicious e-mails to boost infection rates. This module, as shown in the video, utilizes a CAPTCHA-breaking server that helps the botmaster circumvent any CAPTCHA after a few tries, allowing the attacker to create a new Yahoo e-mail account.

    The CAPTCHA attempts are sourced from a series of challenge images (embedded in HTTP) that have been gathered from the e-mail registration form and uploaded to the remote CAPTCHA-breaking server.

    For more on the methods used by Cridex and the exact steps of the CAPTCHA-breaking process, head to Websense.
    http://community.websense.com/blogs/securitylabs/archive/2012/01/30/trojan-caught-on-camera-shows-captcha-is-still-a-security-issue.aspx - there are more details and screenshots, etc.
     
    snoopy, Jan 30, 2012
    #1

Share This Page