Password-stealing Trojan horses used to be all the rage. The software would nestle itself on a PC after opening a bad e-mail attachment or visiting a malicious Web site.
But in response to the increased adoption of stronger authentication, cybercriminals are changing their tactics, according to Alex Shipp, a senior antivirus technologist at MessageLabs. "We have recently seen a move away from stealing user name and passwords," Shipp said during a panel discussion at the RSA Conference 2006 here on Thursday.
The new "bank-stealing Trojans" wait until the victim has actually logged in to their bank. "It then just transfers the money out." "All of the authentication, little keys you have to have in your hand, biometrical things, it doesn’t matter. The bad guy just waits until you’re there and then takes the money out," Shipp said.
