Oddjob Trojan is hijacking bank sessions
Trusteer has warned banks of attacks in the US and Europe
Security firm Trusteer is warning banks and their customers that it has discovered a new type of malware which can siphon funds from unsuspecting victims' accounts.
The Oddjob Trojan, detailed on the blog of Amit Klein, Trusteer's chief technology officer, has the ability to hijack customers' online banking sessions in real time using the session ID tokens passed between the customer and the bank's web site.
The Trojan would enable fraudsters to keep a session between customer and bank open, even though the victim thought they had logged out.
Klein says Trusteer has been monitoring Oddjob for some time, but has been unable to publicise the malware because of police investigations.
It has already warned banks in the US, Poland and Denmark that criminal gangs in Eastern Europe have been using Oddjob to attack their customers.
The Trojan "appears to be a work in progress," says Klein. "We have seen differences in hooked functions in recent days and weeks, as well as the way the command and control protocols operate.
"We believe that these functions and protocols will continue to evolve in the near future, and that our analysis of the malware's functionality may not be 100 per cent complete as the code writers continue to refine it," he added.
So far the malware code Klein has examined is capable of logging GET and POST requests, grabbing full pages, terminating connections and injecting data into web pages.
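On the defending side, the session abuse described above can be looked for in a bank's own request logs: a session ID token presented by a second client, or still being presented after the customer's logout reached the server. The Python sketch below is an added example, not Trusteer's analysis or code; the log format, field names, `/logout` path and sample events are constructed assumptions, and it assumes the fraudster's requests arrive from a different client than the customer's.

```python
from collections import namedtuple
from datetime import datetime

Event = namedtuple("Event", "ts session_id ip user_agent path")

# Constructed sample events, not real traffic. Assumed line format:
# timestamp session_id client_ip user_agent path
SAMPLE_LOG = """\
2011-01-10T10:00:01 S1 198.51.100.7 BrowserA /login
2011-01-10T10:00:30 S2 192.0.2.15 BrowserA /login
2011-01-10T10:01:10 S1 198.51.100.7 BrowserA /accounts
2011-01-10T10:01:12 S1 203.0.113.50 BrowserB /accounts
2011-01-10T10:04:00 S2 192.0.2.15 BrowserA /logout
2011-01-10T10:05:00 S1 203.0.113.50 BrowserB /transfer
2011-01-10T10:09:00 S2 203.0.113.50 BrowserB /transfer
"""

def parse_events(text):
    """Turn whitespace-separated log lines into Event tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, ip, ua, path = line.split()
        events.append(Event(datetime.fromisoformat(ts), sid, ip, ua, path))
    return events

def detect(events, logout_path="/logout"):
    """Return (session_id, reason, event) for suspicious uses of a session ID."""
    first_client = {}   # session_id -> (ip, user_agent) that first presented it
    logged_out = set()  # session IDs for which the server saw a logout
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        client = (ev.ip, ev.user_agent)
        owner = first_client.setdefault(ev.session_id, client)
        if ev.session_id in logged_out:
            # Token presented after logout: it should already be invalid.
            findings.append((ev.session_id, "used-after-logout", ev))
        elif client != owner:
            # A signal, not proof: client IPs can change legitimately.
            findings.append((ev.session_id, "second-client", ev))
        if ev.path == logout_path:
            logged_out.add(ev.session_id)
    return findings

if __name__ == "__main__":
    for sid, reason, ev in detect(parse_events(SAMPLE_LOG)):
        print(sid, reason, ev.ts.isoformat(), ev.ip, ev.path)
```

A "second-client" hit is a prompt for review or step-up authentication, while a "used-after-logout" hit means the server accepted traffic on a token it should have invalidated at logout.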