Attackers Take Trojans to the Bank

Rapidly mutating malware threatens to overwhelm its financial services targets

SAN FRANCISCO -- RSA Conference -- Mobility, money, and malicious intent have formed a toxic brew, a researcher at Kaspersky Lab said yesterday on the eve of the security conference here. And it's a mix that threatens banks and their customers alike.

Cybercriminals are targeting financial services and consumer banking customers, which is no great surprise, acknowledged Eugene Kaspersky, head of research and development for the international antivirus vendor. But "bank Trojans," in particular, he told Dark Reading, have recently demonstrated more malevolence and effectiveness, threatening to overwhelm antivirus researchers and the methods they use to shut down such malware.

Each copy of these financial mutants "is different to avoid signature detection, which takes up large amounts of time and resources," Kaspersky said. There's been "huge growth" in this malware sector, and cybercriminals are increasingly using "anti-antivirus wares" with positive results, he added.

"We don't have a mutation engine in our hands yet, but the hackers do. And more of them are starting to use it."

There's also a geographical vector to this malware. "Most banking Trojans come from Brazil and Spanish-speaking countries," Kaspersky observed. [Ed. note: We're sure Mr. Kaspersky knows they speak Portuguese in the land of samba and soccer, but we think we get his point.]

As famed safecracker Willie Sutton responded when asked why he robbed banks, "because that's where the money is." That logic continues to hold true nearly a century later, as thieves use technology -- instead of dynamite or tommy guns -- to crack open the vaults. (See Even Terrorists Hack for Cash, CyberGangs and Thieves: An Unholy Alliance, and Banking on Multifactor Authentication.)

The borderless aspect of the Internet makes detection, detention, and prosecution of such criminals extremely challenging as well, Kaspersky said. While such attackers may appear to be striking from Brazil one week, it might be Russia or China the next.

While it didn't address bank Trojans per se, Kaspersky Lab introduced a couple of new security products yesterday as well. One minimizes the damage that mobile users might inadvertently inflict on the network or the enterprise; another protects smartphones from malicious programs and unsolicited text messages. (See Kaspersky Intros New Products at RSA.)

— Terry Sweeney, Editor in Chief, Dark Reading
