News and Notes from the Makers of Nexus | Sonatype Blog

Automatic Transfer System Evades Security Measures, Automates Bank Fraud

Written by Ali Loney | June 18, 2012

SecurityWeek – (International) Automatic transfer system evades security measures, automates bank fraud. Trend Micro June 18 released a new report that identifies an Automatic Transfer System (ATS) that enables cybercriminals to circumvent many bank security measures and drain victims’ bank accounts without leaving visible signs of malicious activity. In the new whitepaper, “Automatic Transfer System, a New Cybercrime Tool”, Trend Micro examines the automatic transfer systems within two well-known crime kits, Zeus and SpyEye. Automatic transfer systems are added to the various crime kits as part of the Webinject files. They arm criminals with the ability to move funds from a victim’s account without them being aware. In short, while the victim is performing one type of action, the ATS is transferring money. “Various active ATSs currently found in the wild are being used by cybercriminals to conduct automated online financial fraud,” the whitepaper explains. “These versions use a common framework. Their base code does not change from one version to another. New functionality has been introduced in more recent versions, - 5 - however, in order to address new security measures”.

Source: http://www.securityweek.com/automatic-transfer-system-evades-security-measures-automates-bank-fraud