March 17th, 2006, 02:00 PM
Say Hi to the mouse click capturing Trojan
Security researchers have discovered a keylogging Trojan that captures mouse clicks as well as key strokes. PWSteal-Bancos-Q targets customers of online banking and financial institutions primarily in Brazil. However Australian anti-virus firm PC Tools warns that variants could be created to affect additional online financial sites worldwide.
As well as capturing user keystrokes, PWSteal-Bancos-Q also takes snapshots of the users' mouse clicks and then sends the captured information via file transfer protocol (FTP) to the Trojan's author. The technique is designed to overcome the use of virtual keyboards by many online banking sites in an effort to avoid keylogger infections.
It's unclear how effective the mouse click capturing technique is in practice, but the appearance of the malware indicates a further refinement in malware creation techniques by virus writers. VXers previously created Trojans, such as VB-HV, that are capable of taking screenshots of the systems of infected users.
March 17th, 2006, 02:34 PM
It just keeps geeting harder to make online banking safe...
I haven't had a chance to take a look at the code but regarding the
issue, all it takes for the e-Pin code capture to be effecient is a filename format like dd/mm/yy-hour/minute/second to know the exact sequence.
unclear how effective the mouse click capturing technique is in practice
March 17th, 2006, 03:23 PM
This is actually quite an old concept. We used to use it (and a keylogger) to put together user training sessions. We recorded keystrokes, mouse movement and mouse clicks, and a voiceover.
Sad that people find malicious uses for what was originally perfectly legitimate software. This is the answer of course:
I have no idea as to how good they are, I will have to try it with some of my old training course apps. Mind you, the banks may well have some modern countermeasures that I cannot emulate.
The technique is designed to overcome the use of virtual keyboards by many online banking sites in an effort to avoid keylogger infections.