Net Threat Targets Banks

Security researchers are warning of a new security threat making the Net rounds: A file that appears to spread through pop-up ads and capture personal data.

Banks in the Crosshairs

The Trojan horse file poses as an image file named "img1big.gif" but is actually an executable that installs a malicious add-on to Microsoft's Internet Explorer browser. The add-on, known as a BHO, or browser helper object, then monitors for and records outbound data to the Web sites of several dozen financial institutions, according to an analysis posted on the SANS Institute's Internet Storm Center Web site.

Targeted Web sites include those operated by Citibank NA, Canadian Imperial Bank of Commerce, and Deutsche Bank AG, according to the analysis.

Chasing a Storm

"I believe that this particular type of malware represents a huge threat to the online financial industry," researcher Tom Liston wrote in the report. "As the proliferation of ad/spyware shows, installing executable software on a user's machines is far too easy."

The Trojan horse came to the Internet Storm Center's attention when a user found the file on a machine at his company and sent it in for analysis.

The Internet Storm center recommends a tool called BHODemon, which lists all BHOs installed on a system and allows the user to disable malicious ones. The free program is available at http://www.definitivesolutions.com/bhodemon.htm.