Sign in / up

back to article Oddjob Trojan keeps banking sessions open after victims log out

Miscreants have created a banking trojan that keeps victims' accounts open to plundering even after their marks log out of their accounts. The memorably named OddJob Trojan hijacks customers’ online banking sessions in real time using their session ID tokens. By keeping accounts open even after victims think they have quit, the …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Anonymous Coward
    Boffin

    It's Groundhog day all over again Yogi

    > OddJob Trojan hijacks customers’ online banking sessions in real time using their session ID tokens ..

    How does OddJob get onto the computer, what Desktop Operating Systems are not vulnerable, why does this feel like Groundhog day all over again Yogi?

    -------

    'What would you do if you were stuck in one place ... and every day was exactly the same, and nothing that you did mattered?'

    3 0
    1. The Alpha Klutz
      Reply Icon
      Unhappy

      Groundhog day

      'What would you do if you were stuck in one place ... and every day was exactly the same, and nothing that you did mattered?'

      They made a movie about my job? When can I see it?

      0 0
  2. Wommit
    Thumb Up

    But

    at least he got a cat for his lunch.

    0 0
  3. Anonymous Coward
    Anonymous Coward

    "only able to report on it now following the conclusion of a police investigation."

    I smell Bullshit.

    The police investigated? Sure....

    0 0
    1. Fractured Cell
      Reply Icon

      The title is required

      It was the Cyber-Police!!!

      1 0
    2. Displacement Activity
      Reply Icon

      BS

      Agreed. Even if they're not lying, why would anyone buy software from a security company that kept quiet until the "police" had completed their "investigation"?

      0 0
  4. Ian McNee
    Headmaster

    Mitigation?

    This is very interesting, especially to hear about malware with novel features that appears to be in development.

    However, reading the Trusteer blog post, it's disappointing that the only mitigation they suggest is "buy our software". Doesn't inspire confidence in the disclosure.

    3 0
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Buy it?

      Some banks try to force it on you

      0 0
      1. Ian McNee
        Reply Icon
        Badgers

        And you think...

        ...that banks get Trusteer Rapport for free? And do you imagine banks don't recover such costs from us in the form of charges and interest rates?

        But that's not the main point, which is that any IT security outfit worth its salt offers analysis of mitigation that can be implemented by sys admins and end users. Without that this is hard to distinguish from a corporate form of scareware: buy our software or your customers will be pWn3d!!!

        0 0
  5. Matthew Collier

    Because Trusteer Rapport...

    ....is well known for it's high quality....right?

    0 0
    1. Danny 14
      Reply Icon
      FAIL

      indeed

      I wish santander would fuck off asking me to install it.

      2 0
      1. Peter Johnstone
        Reply Icon
        FAIL

        I concur

        I get pestered to download it when I log in to my account, and I already have it installed. In fact I downloaded it from the bank's site a year or so ago.

        0 0
  6. Anonymous Coward
    Paris Hilton

    Easy explenation

    "following the conclusion of a police investigation."

    Yea, they had to wait till the police had released someone from the compagny, because apparently the control center was located in our offices ....

    well, it would make sence.

    Paris, cause she makes about as much sence.

    0 0
  7. Anonymous Coward
    Flame

    Wow

    I read the original report, seems totally incompetent on Trusteer's part.

    Wow, just Wow.

    Trusteer is NOT to be trusted, EVER, IMHO.

    0 0
  8. Ef'd
    Joke

    Gets its configuration in from a server

    Malware 2.0? TaaS (Trojans as a service)? Now we just need a new breed of virus to infect our webapps.

    0 0
  9. Trev 2

    Not sure it'd have that much of an effect

    I'd assume most banking systems now implement some form of serious security when making payments to another non-customer owned account? Eg: Lloyds TSB auto phones you up, then you enter a code given on the screen into the phone and after 2 days you can initiate the transfer.

    Assuming all other banks do something similar, the open session is rather useless for transferring money out to Eastern Europe.

    Hang on...maybe the trojan uses the same mind control techniques as shown by the ZX Spectrum with those wavy lines on the "loading" screen and gets you to authorise the transaction manually, eg: walk down to the bank? Clever things computers...

    Need a Clive Sinclair with horns icon!

    0 0
  10. Pete 8
    Thumb Up

    This would be useful for

    putting money back into the pockets of thise who have been systematically robbed :)

    0 0
  11. Shannon Jacobs
    IT Angle

    What did Oddjob say?

    I'm afraid that I was left mostly wondering about the quote from Oddjob that's referenced in the footnote. I can't recall that he said anything...

    Off to Google...

    0 0
    1. Sarah Bee (Written by Reg staff)
      Reply Icon

      Re: What did Oddjob say?

      Picture caption.

      0 0
  12. Shannon Jacobs
    Alert

    Aha!

    That's it. It was on the caption to the picture. However, if Oddjob was supposed to be a deaf mute, how did he say that much?

    0 0
This topic is closed for new posts.

Other stories you might like