We have found a new type of financial malware with the ability to hijack customers’ online banking sessions in real time using their session ID tokens. OddJob, which is the name we have given this Trojan, keeps sessions open after customers think they have “logged off”, enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users’ digital – and online monetary – assets. We have been monitoring OddJob for a few months, but have not been able to report on its activities until now due to ongoing investigations by law enforcement agencies. These have just been completed.


The most interesting aspect of this malware is that it appears to be a work in progress, as we have seen differences in hooked functions in recent days and weeks, as well as the way the Command & Control (C&C) protocols operate. We believe that these functions and protocols will continue to evolve in the near future, and that our analysis of the malware’s functionality may not be 100 per cent complete as the code writers continue to refine it.


via New Financial Trojan Keeps Online Banking Sessions Open after Users “Logout” | Trusteer.


We’re glad to announce that this week we’ve made an important step toward the first beta release of the new Java-Dorothy-Drone (aka JDrone)!

Patrizia Martemucci (the main author of the JDrone) has just uploaded the latest version of the code, which fixes the concurrency problem that we encountered while managing several drones for the same C&C.

Right now, we’re running a preliminary test phase, monitoring some IRC botnets using different drones simultaneously, and we are collecting interesting results.

Some things are still missing, but we are working hard to fix everything ASAP.

Stay tuned 🙂