Trojans are the hope of cyber fraud and are still beginning to control its present. Trojan automated what had before been made by hand; it just downloads a victim’s stored data or records the keystrokes, rather than rely upon user to enter his or her information into a phishing pages fields.
Malicious code targeting financial institutions can be broadly classified two categories: target code and generic, kit based Trojan . Whereas malicious code author design particular Trojan horses to target only financial institutions with login system and with extra sophisticated design rather than standard user name and password, less sophisticated pieces of malicious code such as generic keystroke logging Trojan and generic from grabbing Trojan also cause financial burdens on institutions.
There are many special classes of Trojan, marked by their behavior function, not on their design or distribution scheme.
Keystroke logging
Few information stealing software such as keyloggers or keystrokes, which records each typed on victim’s keyboard. Keystroke logging creates huge amounts of data that includes spaces, backspace and line breaks keys. The authors have included keystroke logging in Trojan and Remote Administration Tools (RAT) toolkits . A lot of additional varieties of Trojans have a standard keyloggers that collects huge amount of stolen data, even though if the attacker is not targeting specific site.
HTML Injection
This HTML injection attack is a method for the attacker to perform on the fly phishing attack. The victim real banking web site and HTML added code is injected into the page after the page is finished loading. However, HTML injections are not a novel method to stealing credentials and other personal information. This permits attack to encapsulate field that are actually not a part of standard format but leaves valuable information (Figure 1 & Figure 2).
No comments:
Post a Comment