OddJob, an Emerging Financial Malware Villain

Those who have seen the '80s Bond flicks might remember OddJob, the stout, round-faced Bond villain with the lethal top hat and the thin mustache. Well, "OddJob" recently reemerged and is still dangerous. But this time around, rather than executing people by launching his top hat, he has taken the form of financial malware used to steal innocent people's money.

What is OddJob and what does it do?

OddJob is a Trojan capable of hijacking bank customers’ online banking sessions in real time.  OddJob’s deception lies in its ability to keep sessions open after customers think they have logged off, which allows the cybercriminals behind OddJob to fraudulently extract money unnoticed.  These fraudsters are reportedly based in Eastern Europe and have attacked bank customers in several countries, including the US, Denmark, and Poland.

OddJob is designed to intercept user communications through the browser, thereby allowing it to steal or inject information and terminate user sessions from within the browser.  All logged requests are immediately sent to a command-and-control server, which serves as the central command center from where the fraudsters carry out the crime.  Since they have access to all logged requests, the cyber thieves are able to secretly perform session hijacks by stealing the user’s session ID token, which banks use to identify a user’s online banking session.  The fraudsters use the session ID token to impersonate the victim and perform a wide range of online banking actions.

What makes OddJob different from other malware?

OddJob is a new type of malware that employs innovative attack methodologies. These techniques enable it to sidestep many commercial IT security applications that have historically defended users' digital and monetary assets.

One of the principal ways in which OddJob differs from conventional hacking attacks is that the fraudsters behind OddJob don't actually need to log in to the online banking systems themselves. Instead, they can simply piggyback on an existing, already authenticated session. OddJob is able to bypass a user's logout request, so the victim believes he has logged out while the cybercriminals remain connected and able to perform fraudulent operations to their hearts' content.
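How a bank-side session store can blunt this pattern, as an added defensive example (not code from the original post or from any bank's system): logout invalidates the session server-side regardless of what the browser displayed, any later request carrying that token is rejected and logged as a hijack indicator, the token is bound to a client fingerprint fixed at login, and an absolute lifetime caps a session that malware keeps alive. The `client_fp` value, the timeout numbers and the in-memory store are assumptions.

```python
import secrets
from dataclasses import dataclass

IDLE_TIMEOUT = 300     # seconds without a request before the session dies
MAX_LIFETIME = 3600    # absolute cap: even a session kept "alive" by malware expires

@dataclass
class Session:
    user: str
    client_fp: str      # hypothetical fingerprint (e.g. hash of IP + User-Agent) fixed at login
    created: float
    last_seen: float
    ended: bool = False

class SessionStore:
    def __init__(self):
        self._sessions = {}
        self.alerts = []    # (session id, user, reason) tuples for the fraud/SOC team

    def login(self, user, client_fp, now):
        sid = secrets.token_urlsafe(32)           # unguessable session ID token
        self._sessions[sid] = Session(user, client_fp, now, now)
        return sid

    def logout(self, sid):
        s = self._sessions.get(sid)
        if s is not None:
            s.ended = True   # invalidate server-side; what the browser showed is irrelevant
        return s is not None

    def authorize(self, sid, client_fp, now):
        """Decide whether a request carrying `sid` may act as the session owner."""
        s = self._sessions.get(sid)
        if s is None:
            return False, "unknown-session"
        if s.ended:   # token replayed after logout: the OddJob pattern described above
            self.alerts.append((sid, s.user, "ended-session-reuse"))
            return False, "session-ended"
        if now - s.created > MAX_LIFETIME or now - s.last_seen > IDLE_TIMEOUT:
            s.ended = True
            return False, "expired"
        if client_fp != s.client_fp:      # same token arriving from a different client
            s.ended = True
            self.alerts.append((sid, s.user, "client-mismatch"))
            return False, "client-mismatch"
        s.last_seen = now
        return True, "ok"
```

Because the Trojan sits in the victim's browser, its own requests share the victim's IP and User-Agent, so the fingerprint check only catches tokens replayed from the fraudsters' machines; server-side invalidation and the absolute lifetime are the controls that matter against a session the malware keeps alive.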

Defending Against OddJob

Defending against OddJob requires banks and their customers to join forces. On one hand, banks need to stay constantly aware of potential threats and communicate with their customers when these threats arise; they also need to keep their security software consistently up to date. On the other hand, bank customers need to keep their antivirus software current and use common sense when downloading files or clicking on links or attachments.

The Bond villain, OddJob, was definitely a menacing adversary, but the financial malware, OddJob, is proving to be dangerous in its own way as well.

