
2/5/2007
11:18 AM

Attackers Take Trojans to the Bank

Rapidly mutating malware threatens to overwhelm its financial services targets

SAN FRANCISCO -- RSA Conference -- Mobility, money, and malicious intent have formed a toxic brew, a researcher at Kaspersky Lab said yesterday on the eve of the security conference here. And it's a mix that threatens banks and their customers alike.

Cybercriminals are targeting financial services and consumer banking customers, which is no great surprise, acknowledged Eugene Kaspersky, head of research and development for the international antivirus vendor. But "bank Trojans," in particular, he told Dark Reading, have recently demonstrated more malevolence and effectiveness, threatening to overwhelm antivirus researchers and the methods they use to shut down such malware.

Each copy of these financial mutants "is different to avoid signature detection, which takes up large amounts of time and resources," Kaspersky said. There's been "huge growth" in this malware sector, and cybercriminals are increasingly using "anti-antivirus wares" with positive results, he added.

"We don't have a mutation engine in our hands yet, but the hackers do. And more of them are starting to use it."

There's also a geographical vector to this malware. "Most banking Trojans come from Brazil and Spanish-speaking countries," Kaspersky observed. [Ed. note: We're sure Mr. Kaspersky knows they speak Portuguese in the land of samba and soccer, but we think we get his point.]

As famed safecracker Willie Sutton responded when asked why he robbed banks, "because that's where the money is." That logic continues to hold true nearly a century later, as thieves use technology -- instead of dynamite or tommyguns -- to crack open the vaults. (See Even Terrorists Hack for Cash, CyberGangs and Thieves: An Unholy Alliance, and Banking on Multifactor Authentication.)

The borderless aspect of the Internet makes detection, detention, and prosecution of such criminals extremely challenging as well, Kaspersky said. While such attackers may appear to be striking from Brazil one week, it might be Russia or China the next.

While it didn't address bank Trojans per se, Kaspersky Lab introduced a couple of new security products yesterday as well. One minimizes the damage that mobile users might inadvertently inflict on the network or the enterprise; another protects smartphones from malicious programs and unsolicited text messages. (See Kaspersky Intros New Products at RSA.)

— Terry Sweeney, Editor in Chief, Dark Reading

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ...
