Silon is a rather old malware program that is known to be targeted at banking websites. The Trojan horse is employed to steal login credentials and commit online frauds. Silon was detected by Trusteer, whose Rapport software was adopted by UK banks to help customers prevent malware attacks.
The Silon Trojan is regarded as a regional infection because its major target was users of UK online banking services. However, some computers infected with the Trojan were found in the United States, too. At the time when the Trojan was detected, it was estimated that the infection resided on one in every 500 computer in the UK. In the US, the number of the infected computer was much lower. It was estimated that Silon was present on one on 20,000 computers.
Criminals are believed to prefer regionally based malicious programs because they are likely to bypass virus and malware prevention programs.
The Silon malware program infects Internet Explorer and waits until the user access his online banking website and enters his/her login information. The data is encrypted and sent to a command and control (C&C) server.
When the Trojan is used to attack online banking applications protected by tokens and banking card readers, the threat waits until the user logs on and then injects its html code between the use and the web server. The user is provided with a fake web page, which is identical to the bank’s web page, and is required to enter information provided by the device. The information is then recorded and exploited by the criminals.
The infection was detected in 2009 and about 2 years later, the number of infected computer decreased. However, soon another version of Silon was detected. The infection is called Tilon and is known to display the same behavior as Silon.
You may not suspect that your computer contains Tilon because the Trojan can installs a scareware program in order to hide its actual intentions. If annoying pop-up warnings encouraging the user to activate the program are the only symptom, the user may decide to keep the application and use the computer as usual, which is not recommended. The Trojan horse and fraudulent program have to be removed from the computer in order to prevent damage to the computer and money loss.
The Trojans discussed are not the only threats that can afflict the computers of unsuspecting users. There are Trojan horses which can make an infected computer part of a botnet, which can be used for a variety of illegal activities. In order to prevent such infections, it is advisable to keep the system protected and avoid browsing insecure websites.