A new report on banking Trojans by Dell SecureWorks has some familiar faces on its list of the most widespread financial malware. Call it PC users’ most unwanted.
According to the company, the Gameover ZeuS is the most prevalent piece of banking malware detected by the company in 2013. That particular Trojan represented 38 percent of the company’s detections. The next most prevalent is Citadel, which came in at 33 percent.
“Attackers tend to avoid countries where international transactions are more difficult and require local intervention to launder the money,” according to the report by Dell SecureWorks’ Counter Threat Unit [CTU]. “Though most campaigns in 2013 focused on traditional banking websites, targets also included institutions that facilitate high-volume, high-value transactions, such as Automated Clearing House (ACH) or Single Euro Payments Area (SEPA) credit transfers. Many campaigns targeted corporate bank accounts and payroll systems.”
Modern banking botnets are extremely flexible, according to the researchers, and typically use man-in-the-browser techniques. Other common capabilities among the most popular Trojans include certificate stealing and the ability to take screenshots.
“The choice of banking Trojan and its capabilities depends on the financial resources available to the attacker and the level of security implementations an institution adopts,” according to the CTU report. “While MITB is a necessity of any banking Trojan, features like redirect and backconnect allows them to control fraudulent transactions. Features like screenshots and video-captures not only capture important information but enables attacker to determine victim behavior and perform fraud.”
In an interview with SecurityWeek, a CTU spokesperson called the Gameover Zeus Trojan the most sophisticated of the bunch, noting that it replaces the centralized command and control server with a robust peer-to-peer network. The move takes away a single point of failure that can be targeted by researchers and law enforcement.
“With its peer-to-peer network architecture, it can extend its reach much faster and much wider than any other single centralized command and control server,” the spokesperson said. “The criminal group operating Gameover Zeus has always been observed utilizing the most advanced and sophisticated spam botnet, Cutwail, and they have implemented multiple spam themes on a daily basis in order to lure new victims and distribute more payloads than any other contemporary banking botnets.”
While financial institutions have been evolving constantly to protect their systems, however some of the security implementations adopted by financial institutions are still inadequate to defend against modern financial Trojans.
“Additionally, the slow adoption rate of some of the stronger security measures is putting financial institutions at constant risk,” the spokesperson said. “The financial fraud marketplace is also increasingly organized. It is a service industry where a wide variety of financial Trojans, Web-injects and their distribution channels are bought and sold. On the underground hacker markets, there are dedicated services being sold which will provide each aspect of a financial fraud campaign. These offerings not only constantly improve the effectiveness of established criminal techniques but also weaken many of the security countermeasures adopted by financial institutions.”
