Beware of the Silent Banker

Yesterday, Steve sent me an e-mail about a nasty little Trojan virus that steals information from your computer when you attempt to log in to your banking Web site. So, if you do any kind of online banking, you should keep an eye out for this one. The Trojan has been named SilentBanker and seeing how it works, that is a very good name for it. This little bug works by changing your log on information in a fashion that will pass your data (and money) on to the attacker. It will change the log on screen for your bank just slightly and you will be asked to re-enter your password.

The little box asking you to re-enter your information is the Trojan’s own code and it will redirect your information to the hacker’s chosen location. Here is a screenshot taken from the Symantec Web site that shows what all of this looks like.

If your original log in screen looks like this:

The Trojan will make it look like this:

I know those are in another language, but you get the idea. The Trojan has added the bottom box that asks for your password again.

The worst thing about this Trojan is that it will still work even if your banking site is a secure site. That’s possible because the attack happens in between your computer and the bank’s Web site. According to Symantec, this bug is set up to attack 400 different banking sites in several different countries. At this time, the Trojan is labeled at a low threat level, but I thought it would be a good idea to bring it to everyone’s attention today, simply because of the damage it can cause.

If you feel like you may be infected with this Trojan or you want to ensure that you’re not, Symantec has detailed removal instructions that are available on their Web site. The directions can be found here.

Note: Steps 2 and 3 are written for Norton Antivirus users only. If you don’t use Norton Antivirus, just skip past those two steps, update the antivirus software you do use and then run a full system scan. Until next time, stay safe out there, my friends!

~ Gary