Online Banking Security: Beware of OddJob Trojan
If you have been using online banking for the past, then you know for sure that it is a wise habit to log out of your web session every time you complete a transaction. Don’t just close the window. You need to make sure that nobody can take a look at your transactions and your password. So every time you complete a transaction, make sure you log out.
But there is a new malware out there, which makes it difficult to know if you are logged out or not. It is called the OddJob Trojan. According to Trusteer, this new Trojan has the ability to hijack the sessions of online banking customer in real time. This Trojan then uses the session ID of customers even if they think that they have logged out. This is perhaps the reason why it is now called the Oddjob Trojan.
At first, the Oddjob Trojan would infect the browser. After some time though, it will live inside the browser session. It will then intercept all the traffic related to the session of the browser. If the user has authenticated his or her identity in the online banking website, the OddJob Trojan can and will modify pages displayed. The user will see a logout screen. But in reality, the OddJob Trojan has left the real online banking session open. After this happens, the OddJob Trojan will then gather important information, which will enable hackers to get money from unsuspecting customers.
Malware that seeks to exploit the security vulnerabilities of banks are on the rise. Perhaps, this is because the hackers are increasingly becoming sophisticated and the possibility of being caught is very low. To make things worse, banks are also helpless because they wouldn’t know if a customer’s browser is infected by this OddJob Trojan or if the transaction is legitimate.
Customers who are also cautious and are taking extra precautions to protect themselves may not know they are infected. More often, though, PC users and even the antivirus and computer security manufacturers are almost always left behind by these hackers. When a new Trojan is developed, it will take days or weeks before an effective anti-virus would be developed. This makes the computer and online security industries reactive.
What can customers do then, in the face of this relentless threat?
Make sure that your security systems are up to date. Don’t click on any link sent to you via email. If you want to verify anything on your bank, go to the official bank website by typing the URL in your browser.
In online banking, prevention is still way better than cure!