SpyEye Trojan attacks Verizon's online payment page

Discussion in 'malware problems & news' started by ronjor, May 18, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,915
    Location:
    Texas
    http://www.net-security.org/malware_news.php?id=1726
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,622
    Location:
    Ontario, Canada
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Hi Ron and Triple Helix,

    I'm a bit confused by the article: it appears to suggest that Verizon's payment page had been attacked.

    But this article states that it's the customer's computer that was compromised by the trojan, which does the code injection:

    Trusteer: SpyEye Trojan Targeting Verizon Customers
    http://antivirus.about.com/b/2011/05/18/trusteer-spyeye-trojan-targeting-verizon-customers.htm
    How do you see this?

    thanks,

    -rich
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,915
    Location:
    Texas
    Looks like a couple of ways it can be delivered.
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    As far as I can understand, it's attacked from the consumer PC when visiting the payment page.
    Afaict, the MITM/HTML injection is only happening from that PC and not in anyway from the payment system itself (which wouldn't be a MITM attack).

    The Trusteer CTO Amit Klein statement further on, does leave some room for interpretation;
    "Whether it’s on consumer machines, call center computers, or point of sale systems, attackers are targeting endpoints to steal readily available payment card data....", but I think that sentence was only aimed at the 'financial malware trend', mentioned in the article.

    (I've emailed Trusteer, asking for a tad of clarification. Perhaps they'll respond).
     
    Last edited: May 19, 2011
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    I think that this is the case. SpyEye gets onto the consumer's PC (by various methods) which then sets up the injection attack.

    thanks,

    -rich
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.