Security Professionals Detect SpyEye Trojan Attack Targeting Verizon Customers

Recently, security researchers at Trusteer identified a SpyEye Trojan attack targeting Verizon customers.

Albuquerque, NM (prHWY.com) May 19, 2011 - Albuquerque, NM, United States - Trojan attack is one of the common techniques used by cybercriminals to steal sensitive information. In the recent years SpyEye Trojan has been in the news for stealing financial information. The Trojan attempts to capture network traffic by injecting code into running applications. The Trojan steals information from web browsers and comes with rootkit capabilities, which allow the malware to hide and avoid access to its processes, binary information and registry entries. The Trojan sends extracted information to remote attackers. Recently, security researchers at Trusteer identified a SpyEye Trojan attack targeting Verizon customers. The attack reportedly took place between 7th and 13th of May. In this case, the Trojan waits for a legitimate customer to enter the login credentials and access the online payment page of Verizon. Once, the customer attempts to access the billing page, the Trojan uses HTML injection technique to alter the page displayed on their web browser. Usually, the altered web page is strikingly similar to the legitimate web page, making it difficult for Internet users to doubt the authenticity of the displayed web page. The altered web page seeks personally identifiable information such as first and last names, date of birth, mother's maiden name, street name, city and zip code, phone number, type of phone, citizenship, social security number, card number, expiration date and Card Verification Value (CVV).

Attackers may use the stolen information to make unauthorized online transactions, make counterfeit payment cards, withdraw funds, and commit identity theft or fraud. They may also launch phishing attacks and send spam e-mails to target Internet users. They may use social engineering techniques to extract further information through e-mails and phone. Cybercriminals may also trade the stolen financial information in underground crime market.

Security researchers opine that such types of attacks make it difficult for banks and credit institutions to trace the exact source of fraudulent transactions. Researchers also highlight the growing trend of attacking endpoints such as computer systems and Point of Sale (POS) terminals.
Users must exercise caution, while providing personal and financial information on the Internet.

They must be wary of providing e-mail addresses on all sites. In case of suspicion, they must contact the respective bank or online shopping site on the contact number provided on the legitimate website, or banking kits and booklets. As attackers may also target employees working in banking industry, organizations must educate employees on online threats such as malware attacks and social engineering threats, and data security practices through mandatory e-learning and online IT degree programs.

Banks and credit institutions must also create information security awareness among the customers through e-flyers, online tips, and advertisements in print and electronic media. Hiring professionals qualified in information security, technology and IT degree programs may help banking and payment card industry in devising and implementing new security mechanisms.

Online IT courses may help professionals in learning new skills and enhance their technical expertise. Participation in IT security conferences, seminars, discussions may help information security professionals to understand latest developments and initiate appropriate measures to strengthen the information security infrastructure.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###

Tag Words: online shopping, banking, credit card information, information security, verizon, trusteer, spyeye, trojan attack

Categories: Security

Link To This Press Release:

URL HTML Code