Trojan spread through pop-up ads -- Your 2 Cents Worth

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Contact Forum Admin ] [ Main index ] [ Search | Check update time | Archives: 1, 2, 3, [4], 5, 6 ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 04:38:34 12/12/04 Sun
Author: steals bank passwords
Subject: Trojan spread through pop-up ads
In reply to: By Rachel Konrad 's message, "PC invasions" on 08:34:44 12/10/04 Fri

Another IE exploit wants your banking information
Trojan spread through pop-up ads steals bank passwords
------------------------------------------------------------------------
posted 4:09pm EST Thu Jul 01 2004 - submitted by Brian Conant

BLURB
As if IE hasn't experienced enough problems over the past couple of weeks, there is now another serious exploit making the rounds, and this time it wants your banking information. The trojan, which is spread through pop-up ads, uses a Browser Helper Object (or BHO, a DLL that normally would be used to allow a developer to customize and control IE) to capture account information entered into several online banks. Masquerading as an image file named img1big.gif, the file is actually an executable that installs the malicious BHO. Once installed it monitors outgoing HTTPS connections to specific institutions, such as Citibank and Deutsche Bank. When a connection is detected it then snags outbound POST/GET data before it is SSL-encrypted, and then returns its bounty to a specific Web address. Currently IE is the only browser affected, but Mozilla and other browsers have similar extensions which could become targets as well. With no patch or workaround available, about the only recourse is to use a tool called BHODemon--it will allow you to view both good and bad BHOs, giving you the option to remove the bad ones.

http://www.geek.com/news/geeknews/2004Jun/sec20040701025826.htm

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Replies:

Pop-up ad agencies to bypass popup blockers -- DOWN WITH POPUPS, 10:31:58 12/12/04 Sun
- Has your homepage been -- HIJACKED?, 10:55:19 12/12/04 Sun
  - My Web browser was hijacked last week -- Beth Cox, 11:14:41 12/12/04 Sun

[ Contact Forum Admin ]

Forum timezone: GMT-8
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums^(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.