Hackers Using USB Drives to Spread Banking Malware

Boy, if this isn’t a good idea for some hackers to implement, then I don’t know what is. They have left USB drives in a London car park in hopes that users will carry them home and insert them into a USB drive, infecting their computers with the malware they have created to steal login id’s and password to the users online banks.

Banking Trojans are written for profit and sold through Russian language websites and elsewhere for between $2,000 and $5,000. Two of the main groups of Trojan malware authors – Corpse and SE-Code – are based in Russia and “market” the Haxdoor and Apophis strains of banking Trojans. An unknown Russian speaking virus writer group is behind Torpig, another banking Trojan family. Malicious code variants of the Bancos Trojan are sold by an unnamed group in Brazil. Source: Hackers debut malware loaded USB ruse

A commenter suggested checking out this webpage from Dark Reading, Social Engineering, the USB Way in which a bank asked them to try to social engineer their way on the banks network to test out their employees. The employees even knew they were going to be tested, the gentleman from Secure Network Technologies Inc created a program that collected userids and passwords, loaded it onto USB drives and left them in the parking lot, smoking areas and other places that employees went and waited to see what happened. They almost immediately started receiving data as 15 of the 20 USB drives were found and inserted into users computers.

This may prove hard to beat, as people finding a USB drive will want to plug it into their computers to see what is on it. Very interesting.