Sign In
Register
Help
Quote
Monday, January 30, 2012
New Banking Trojan Caught Breaking CAPTCHA
A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog
See Video here: https://threatpost.c...m_campaign=Home
Once downloaded to the machine, Cridex, a data-stealing Trojan, will track content from various web forms. Cridex also downloads a ‘spamming module’ to the infected machine that enables the botmaster to send malicious e-mails to boost infection rates. This module, as shown in the video, utilizes a CAPTCHA-breaking server that helps the botmaster circumvent any CAPTCHA after a few tries, allowing the attacker to create a new Yahoo e-mail account.
The CAPTCHA attempts are sourced from a series of challenge images (embedded in HTTP) that have been gathered from the e-mail registration form and uploaded to the remote CAPTCHA-breaking server.
For more on the methods used by Cridex and the exact steps of the CAPTCHA-breaking process, head to Websense.
New Banking Trojan Caught Breaking CAPTCHA
A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog
See Video here: https://threatpost.c...m_campaign=Home
Once downloaded to the machine, Cridex, a data-stealing Trojan, will track content from various web forms. Cridex also downloads a ‘spamming module’ to the infected machine that enables the botmaster to send malicious e-mails to boost infection rates. This module, as shown in the video, utilizes a CAPTCHA-breaking server that helps the botmaster circumvent any CAPTCHA after a few tries, allowing the attacker to create a new Yahoo e-mail account.
The CAPTCHA attempts are sourced from a series of challenge images (embedded in HTTP) that have been gathered from the e-mail registration form and uploaded to the remote CAPTCHA-breaking server.
For more on the methods used by Cridex and the exact steps of the CAPTCHA-breaking process, head to Websense.
http://community.web...rity-issue.aspx - there are more details and screenshots, etc.
MultiQuote