Friday, May 20, 2011

New 64-Bit Rootkit Being Used to Steal Banking Credentials

Via Threatpost.com -

Security researchers have come across a new rootkit that is designed specifically to infect 64-bit Windows systems and steal users' online banking credentials. It's believed to be the first piece of malware of its kind that is capable of compromising x64 systems.

The new rootkit is being used by attackers in Brazil as part of drive-by download attacks and is then used to steal banking credentials after the infection. The malware has the ability to change some of the boot configurations of infected machines and then aims to redirect users to phishing sites. The new rootkit can infect machines running either 32-bit or 64-bit versions of Windows.

The drive-by download is accomplished by using a malicious Java applet that is targeted at older versions of the Java Runtime Environment. The applet includes a number of files that each have different jobs to do once they're on an infected PC, including one that disables the Windows User Account Control mechanism.

[...]

The rootkit mainly is being seen in Brazil right now, a country where the penetration of online banking is extremely high.


------------------------------------------------------------------

Rootkit Banker - now also to 64-bit
http://www.securelist.com/en/blog/11266/Rootkit_Banker_now_also_to_64_bit
