Cyber criminals set trap for foreign exchange traders

News 30 Nov, 2012

FOREX website suffers malware injection that could infect visitors' computers.

A popular foreign exchange market (FOREX) website has been infected with a malicious Java applet, designed to install malware onto site visitors’ computers.

The threat, which has been injected into the FOREX trading website tradingforex.com, was detected by unified web, data and email security firm Websense. The company has raised the prospect that such an attack may constitute a shift in the way some cyber criminals work, suggesting they may now be looking to attack easier targets with online systems and less mature security systems, compared to banks and stock exchanges.

This injection could deposit malware to the users of this site, opening them up to data stealing

However, the applet will not be able to infect any and all visitors to the site, Websense has said, as the dropped backdoor that allowed the injection is written in Visual Basic. This means the target machine must have Microsoft’s .NET framework successfully installed and running in order for an infection to take place.

“Cyber criminals are certainly heading straight for the money in targeting a trading website. This injection could deposit malware to the users of this site, possibly opening them up to data stealing,” said Carl Leonard, senior security research manager at Websense.

“Without real-time inline security protection, companies and individuals could be at risk of trading more than they thought, with the cybercriminals maximising profits.”