A new type of banking Trojan horse actually steals money from your account while you are logged in and displays a fake balance.
The bank Trojan, dubbed URLZone, has features designed to thwart fraud detection systems that are triggered by unusual transactions. For instance, the software is programmed to calculate on-the-fly how much money to steal from an account based on how much money is available.
The Trojan, which exploits a hole in Firefox, Internet Explorer 6, IE7, IE8, and Opera, was responsible of the theft of nearly $438,000 during a 22-day span in August.
This is reportedly the first Trojan that hijacks a victim's browser session, steals the money while the victim is doing online banking, and then covers its tracks by modifying information displayed to the victim, all in real time.
Meanwhile, Payroll processor PayChoice said it is investigating a breach in which customers received targeted e-mails purporting to be from the company but were designed to trick people into downloading malware. Workers received e-mails last week that directed them to download a browser plug-in or visit a Web site so they could continue accessing the Onlineemployer.com PayChoice portal.
The e-mails were targeted to individuals and included their user names, log-in IDs and partial passwords, thus increasing the chance that recipients would be likely to fall for the ruse.