
Regional Malware Targets UK Banking Users

Trusteer : 02 July, 2010  (Technical Article)
By focusing on specific geographical regions, malware writers are trying to avoid detection by anti-malware software, warns Trusteer.

Trusteer is warning that bank customers are being targeted by criminals using region-specific malware that flies under the radar of most antivirus technology to steal people's online banking credentials and commit fraud. Detection rates for regional malware are between zero and 20%, suggesting that the majority of these attacks go undetected.

Two pieces of regional malware targeted at UK banks have been detected by Trusteer: Silon.var2, which resides on one in every 500 computers in the UK compared to one in 20,000 in the US, and Agent.DBJP, detected on 1 in 5000 computers in the UK compared to 1 in 60,000 in the US. In addition, Trusteer has discovered two UK-specific Zeus botnets. Although Zeus is the best-known piece of financial malware, these botnets are unusual in that they consist only of UK-based computers and target only UK-based banks. Hence these variants are less likely to be detected by antivirus solutions.

To help avoid detection and maximize return on their effort, the clever criminals are using UK-centric spam lists and compromised websites based in the UK to spread the malware that targets bank customers.

What's more, this problem is not going away: Trusteer anticipates that in 2011 enterprises will experience significant losses as a result of regional malware, which will replace some of the better-known malware attacks.

"This indicates a shift in financial criminal activity and requires some special attention from financial organizations. Unlike known malware kits such as Zeus, Torpig, and Ambler which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors, regional financial malware such as Silon.var2 and Agent.DBJP are highly targeted," said Mickey Boodaei, Trusteer's CEO. "In the UK, each campaign would usually focus on 3 to 7 banks and target them for a period of 6 to 9 months and then morph and change the list of targets, using a new more advanced version of the malware."

"Regional malware is not unique to the UK," explains Boodaei. "We've recently started analyzing financial malware in South Africa and identified targeted regional attacks as well, which are rarely seen outside that region. Other regions such as Germany for example also suffer from regional malware. The infamous Yaludle malware has been highly focused on the German market."

To fight regional malware, Trusteer recommends that banks in the same region work together, share information, and proactively try to identify and target regional malware. Banks should actively investigate regional malware in order to understand how it works and how it can be stopped by shutting down its command and control servers. They can also identify mule accounts and money transfers and use law enforcement agencies to track down the criminals. Eventually, they could feed this information to antivirus vendors to increase coverage against regional malware.

Mickey Boodaei, Trusteer's CEO, continues: "By downloading the Rapport secure browsing software and taking sensible precautions such as following the advice from UK banks, online personal banking can be made more secure. Rapport is the first and only dedicated online banking protection software. It provides an additional layer of defence against malware that specifically targets online banking sessions. It silently protects data exchanged during web banking sessions including usernames, passwords, and account information against crimeware."

"With 2.4 million downloads of Rapport in only a few months, our customers are confirming that security online is as important to them as it is to us." According to Nick Staib, digital security manager at HSBC Bank plc, "Trusteer's focus on new malware targeting our customers, and their agile responsiveness to these threats, are just two of the reasons why both we and our customers are much safer banking online after downloading Rapport. We need to keep several steps ahead of fraudsters and offering Rapport to our customers has helped us achieve this."

"Silon, DBJP, and other regional financial malware have been identified through Trusteer's Flashlight service and analysis and investigation results have been shared between participating banks," said Amit Klein, CTO of Trusteer and head of the company's research organization. "If a bank in a specific region experiences fraud from a new piece of regional malware there is an 80% chance that other banks in the same region will experience in the near future similar losses from this malware."
   © 2012 ProSecurityZone.com