So URLZone is the start of what looks to be a blow against many companies' anti-fraud systems.
The trojan, a botnet of about 6000 systems at the end of September, conducts bank transactions on the user's system. The new, troublesome twist: it monitors HTTP for the bank site and modifies the numbers that the user sees for transactions it conducts so that the user doesn't think much of it. It's also careful not to draw down so much that the account goes out of balance. It steals between $4000 and $15000 from each account, but picks a random number to further evade anti-fraud systems. The activity has only been witnessed in Europe, specifically Germany, but it should pop up in the US soon.
Why is this trojan such an issue? Well, a client can't report to you what they don't know about... in other words someone would normally notice $10k gone from their account. Now they may not report an issue for months as there may be enough free cash for them to go on with their daily expenses.
Second, the next likely move by malware writers is to scrape your account history and take some amount around the average of your transactions. This will likely mean the transaction now slips under every fraud engine on the market.
One could try out-of-band authentication, possibly by phone. Unfortunately the bad guys are way ahead of you, and forwarding a phone in this day and age of VoIP services is child's play... not to mention that with a transaction hidden in the noise you would be left authenticating every transaction this way. Now maybe you think that stealing $500 is better than $15k, but the reality is that with slick automation these guys can pick $500 from hundreds of accounts a day, resulting in the same if not more profit.
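To make the blind spot described above concrete, here is an added example (not from the original post, and not a model of any vendor's fraud engine) of an amount-only anomaly check: it flags the $4000 to $15000 range against a typical history but passes a transfer sized near the account's average. The history, the threshold and the function names are all constructed for illustration.

```python
from statistics import mean, stdev

# Constructed sample: one account's past outgoing transfer amounts (USD).
HISTORY = [120.0, 480.0, 510.0, 95.0, 530.0, 460.0, 700.0, 300.0, 525.0, 490.0]

# Assumption: flag amounts more than 3 standard deviations from the mean.
Z_THRESHOLD = 3.0


def amount_zscore(history, amount):
    """Return how many standard deviations `amount` lies from the account mean."""
    if len(history) < 2:
        raise ValueError("need at least two past transactions")
    sigma = stdev(history)
    if sigma == 0:
        # Every past amount is identical: any different amount is an outlier.
        return 0.0 if amount == history[0] else float("inf")
    return abs(amount - mean(history)) / sigma


def is_flagged(history, amount, threshold=Z_THRESHOLD):
    """Amount-only anomaly check (hypothetical helper)."""
    return amount_zscore(history, amount) > threshold


def review_queue(history, candidates):
    """Return the candidate amounts that an analyst would be asked to review."""
    return [amt for amt in candidates if is_flagged(history, amt)]


if __name__ == "__main__":
    for amt in (10000.0, 4000.0, 500.0):
        z = amount_zscore(HISTORY, amt)
        print(f"${amt:>8.2f}  z={z:6.2f}  flagged={is_flagged(HISTORY, amt)}")
```

The $500 transfer scores well under one standard deviation, so a check built only on amount has nothing to distinguish it from the customer's own activity.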



