Tuesday, September 30, 2008

New Trojan Using HTML Injection on Bank Sites

A new Trojan, called Limbo, is making the rounds that inserts data fields into the legitimate web sites of banks, according to Computer World. This is different than a phish, which is a totally bogus duplicate of a legitimate site.

The Trojan was reported by RSA and uses several routes to get onto a user's machine. These include pop-up messages that download programs.

Unlike other injection attacks, this one actually inserts HTML code, with additional fields, right onto a bank's web site, even while the user might be logged in.


Post a Comment

<< Home