What is Silon?

Silon, also known as W32.Silon, is a highly dangerous Trojan that commits financial fraud. Silon was detected in 2009 by Trusteer. The malware records login credentials and sends them to its command and control servers. It does this by intercepting Internet Explorer web browser sessions. The payload runs when the user accesses a website and enters a username and password, which are then encrypted and sent to remote servers.

How does Silon commit online frauds?

Silon is capable of bypassing banking card readers and other security devices. If an account is protected by a randomly generated code, Silon stays in the background until the user logs in and then injects dynamic HTML code into the login flow in order to deceive the user. When the criminals acquire the necessary information, they execute illegal transactions on behalf of the user. The user may not suspect anything until he/she checks what transactions have been made.
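One way a site operator can look for this kind of injected login markup, as an added example that is not part of the original article: compare the form the server sent with the form the browser actually rendered and flag any extra fields or a changed form action. The sample markup, field names and function names are constructed, and the sketch assumes the rendered markup has already been collected (for instance by a script on the page).

```javascript
// Added example (not from the original article). Sample markup, field names
// and function names are constructed for illustration.

// Pull the form action and the names of all input-like elements out of HTML.
// A regex scan is enough for this sketch; production code would use a parser.
function extractForm(html) {
  const action = (/<form\b[^>]*\saction\s*=\s*["']?([^"'\s>]+)/i.exec(html) || [])[1] || null;
  const fields = [];
  const tagRe = /<(?:input|select|textarea)\b[^>]*>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const name = /\sname\s*=\s*["']?([^"'\s>]+)/i.exec(tag[0]);
    if (name) fields.push(name[1]);
  }
  return { action, fields };
}

// Compare what the server sent with what the browser ended up rendering.
function diffLoginForm(servedHtml, renderedHtml) {
  const served = extractForm(servedHtml);
  const rendered = extractForm(renderedHtml);
  const known = new Set(served.fields);
  return {
    addedFields: rendered.fields.filter((f) => !known.has(f)),
    actionChanged: served.action !== rendered.action,
  };
}

// Constructed sample: the page as served ...
const SERVED = `<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>`;

// ... and the same page after extra fields were injected on the client.
const RENDERED = `<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_reader_code">
  <input type="text" name="memorable_word">
</form>`;

const report = diffLoginForm(SERVED, RENDERED);
if (report.addedFields.length > 0 || report.actionChanged) {
  console.log("login form differs from served version:", report);
}
```

Malware that controls the browser session can also interfere with anything reported from the page, so a clean result here does not prove the session is clean.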

What is the target of Silon?

The analysis of the Silon Trojan revealed that the threat was aimed at compromising UK-based websites, mainly banking websites. It was estimated that the threat resided on one in every 500 computers in the UK. The threat was also detected in the United States; however, the number of infected computers there is not as big as in the UK. The analysis showed that the Trojan was detected on one in 20,000 computers in the US.

Malware researchers are surprised at how well prepared the attackers are. Their knowledge of how the bank operates and what security controls are in place enables them to commit serious online fraud.

The successor of Silon

In 2012 another financial malware program targeted at banks was detected. Just like Silon, the new threat is capable of bypassing anti-virus detection. The analysis of the new infection revealed that the threat exhibited behaviors typical of Silon. The new malware program was named Tilon in order to show the relation between the two threats. Like its predecessor, Tilon injects itself into a browser and takes full control over the traffic from the browser to web servers and vice versa. The Trojan horse is also capable of replacing particular parts of targeted URLs with its own text.

How to prevent Silon and other malware

Silon and Tilon are not the only infections in the wild. A lot of computer users have already been affected by the Zeus Trojan, SpyEye, Shylock and other dangerous malware. Very often, highly dangerous and complex infections find their way onto a computer with the help of other computer threats. In order to prevent severe damage, it is advisable to avoid visiting unreliable websites, including adult websites, file sharing websites, etc. A powerful spyware removal tool should also be present on the PC.
