Crafty OddJob malware leaves online bank accounts open to plunder

The newly reported Trojan's unusual traits showcase the ongoing evolution of malware

A newly revealed Trojan dubbed OddJob, designed to keep online banking sessions open after customers think they have logged off, is the latest example of just how dangerous creative malware developers have become.

Security company Trusteer reported today that it discovered the OddJob Trojan months ago and has been monitoring it ever since. Cyber criminals in Eastern Europe have been using it to attack the customers of financial institutions in various countries, including the United States, Poland, and Denmark.

In general, the Trojan works by intercepting user communications via Internet Explorer and Firefox. Tapping users' session ID tokens, the malware is capable of stealing and injecting information into user sessions, as well as terminating them, all in real time. The end result: Cyber criminals are able to surreptitiously steal money and commit fraud.

The Trojan has some notable differences compared to other Trojans, according to Trusteer. For one, it remains a work in progress and is already cropping up in different forms, both in terms of functionality and the way the C&C (command and control) protocols operate. Depending on its configuration, OddJob is capable of performing different actions against targeted websites, including logging GET and POST requests and grabbing full pages. All logged requests and swiped pages are sent to the C&C server in real time.

A second differentiator, according to Trusteer, is that OddJob is capable of bypassing logout requests, so that when users think they have completed the logout process, the cyber thief remains connected to an active user session.

A third notable difference is that OddJob's configuration is not saved to disk, making it less likely to trigger installed antimalware software. Rather, each time a new browser session is opened, a fresh copy of the configuration is fetched from the C&C server.
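The logout bypass described above only works because the bank's server learns nothing when the browser's logout request is swallowed. As an added defensive illustration (not code from the article or from Trusteer), the following server-side session store bounds every session with an idle timeout and an absolute lifetime, so a session whose logout never arrives still expires on the server. Class and function names, the timeout values and the injectable clock are assumptions made for this example.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created: float    # login time (seconds)
    last_seen: float  # time of the last validated request
    revoked: bool = False


class SessionStore:
    """Server-side session store: a session dies on idle or absolute timeout
    even if the client's logout request never reaches the server."""

    def __init__(self, idle_timeout=300, absolute_timeout=3600, clock=time.time):
        self.idle_timeout = idle_timeout          # seconds without a request
        self.absolute_timeout = absolute_timeout  # seconds since login, hard cap
        self.clock = clock                        # injectable clock for testing
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable session token
        now = self.clock()
        self._sessions[token] = Session(user, now, now)
        return token

    def logout(self, token):
        s = self._sessions.get(token)
        if s:
            s.revoked = True  # invalidate server-side, not just in the browser

    def validate(self, token):
        """Return the session's user if it is live, else None.
        A successful check refreshes the idle timer; the absolute cap never moves."""
        s = self._sessions.get(token)
        if s is None or s.revoked:
            return None
        now = self.clock()
        if now - s.last_seen > self.idle_timeout or now - s.created > self.absolute_timeout:
            return None
        s.last_seen = now
        return s.user


def requests_until_expiry(store, token, clock, interval):
    """Constructed scenario: the logout is suppressed and the stolen token is
    reused every `interval` seconds. Counts requests that still succeed."""
    count = 0
    while True:
        clock[0] += interval
        if store.validate(token) is None:
            return count
        count += 1
```

With the defaults, a token reused every 100 seconds survives 36 requests and is then refused by the absolute timeout regardless of how "warm" it is kept.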

Trusteer's advice to financial institutions is to be vigilant, apply software updates, keep abreast of new threats, and deploy security products to defend against them. Users, meanwhile, need to avoid visiting suspicious websites and downloading suspect email attachments; they also need to ensure their systems are protected by firewalls and up-to-date antivirus software.

This story, "Crafty OddJob malware leaves online bank accounts open to plunder," was originally published on the InfoWorld Tech Watch blog.

Copyright © 2011 IDG Communications, Inc.