According to Trusteer, an analysis of OddJob's configuration data shows that it can be programmed to execute other actions on targeted Web site besides stealing session information. The code can grab full pages of data, terminate connections and inject malicious code into sites.
Unlike most banking Trojans , when OddJob gets downloaded on a user's system its configuration code is not saved to disk. Instead, a fresh copy of the configuration data is grabbed from the Command-and-Control server each time a fresh browser session is opened.
OddJob will likely feature more sophisticated functions in future, Klein said. "We believe it is a work in progress. We are seeing functions being added on a weekly basis."
Sign up for Computerworld eNewsletters.