SpyEye Trojan attacks Verizon's online payment page

Discussion in 'malware problems & news' started by ronjor, May 18, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    http://www.net-security.org/malware_news.php?id=1726
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi Ron and Triple Helix,

    I'm a bit confused by the article: it appears to suggest that Verizon's payment page had been attacked.

    But this article states that it's the customer's computer that was compromised by the trojan, which does the code injection:

    Trusteer: SpyEye Trojan Targeting Verizon Customers
    http://antivirus.about.com/b/2011/05/18/trusteer-spyeye-trojan-targeting-verizon-customers.htm
    How do you see this?

    thanks,

    -rich
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    Looks like a couple of ways it can be delivered.
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    As far as I can understand, it's attacked from the consumer PC when visiting the payment page.
    Afaict, the MITM/HTML injection is only happening from that PC and not in any way from the payment system itself (which wouldn't be a MITM attack).

    The Trusteer CTO Amit Klein statement further on does leave some room for interpretation:
    "Whether it’s on consumer machines, call center computers, or point of sale systems, attackers are targeting endpoints to steal readily available payment card data....", but I think that sentence was only aimed at the 'financial malware trend', mentioned in the article.

    (I've emailed Trusteer, asking for a tad of clarification. Perhaps they'll respond).
     
    Last edited: May 19, 2011
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I think that this is the case. SpyEye gets onto the consumer's PC (by various methods) which then sets up the injection attack.

    thanks,

    -rich
     