Two pieces of regional malware targeted at UK banks have been detected by Trusteer: Silon.var2, which resides on one in every 500 computers in the UK compared to one in 20,000 in the US, and Agent.DBJP, detected on 1 in 5000 computers in the UK compared to 1 in 60,000 in the US. In addition, Trusteer has discovered two UK-specific Zeus botnets. Although Zeus is the best-known piece of financial malware, these botnets are unique in that they consist only of UK-based computers and target only UK-based banks. Hence these variants are less likely to be detected by antivirus solutions.
To help avoid detection and maximize return on their effort, the clever criminals are using UK-centric spam lists and compromised websites based in the UK to spread the malware that targets bank customers.
What's more, this problem is not going away: Trusteer anticipates that in 2011 enterprises will experience significant losses as a result of regional malware, which will replace some of the better-known malware attacks.
"This indicates a shift in financial criminal activity and requires some special attention from financial organizations. Unlike known malware kits such as Zeus, Torpig, and Ambler which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors, regional financial malware such as Silon.var2 and Agent.DBJP are highly targeted," said Mickey Boodaei, Trusteer's CEO. "In the UK, each campaign would usually focus on 3 to 7 banks and target them for a period of 6 to 9 months and then morph and change the list of targets, using a new more advanced version of the malware."
"Regional malware is not unique to the UK," explains Boodaei. "We've recently started analyzing financial malware in South Africa and identified targeted regional attacks as well, which are rarely seen outside that region. Other regions such as Germany for example also suffer from regional malware. The infamous Yaludle malware has been highly focused on the German market."
To fight regional malware, Trusteer recommends that banks in the same region work together, share information, and proactively try to identify and target regional malware. Banks should actively investigate regional malware in order to understand how the malware works and how it can be stopped by shutting down its command and control servers. They can also identify mule accounts and money transfers and use law enforcement agencies to track down the criminals. Eventually, they could feed this information to antivirus vendors to increase coverage against regional malware.
Mickey Boodaei, Trusteer's CEO, continues: "By downloading the Rapport secure browsing software and taking sensible precautions such as following the advice from UK banks, online personal banking can be made more secure. Rapport is the first and only dedicated online banking protection software. It provides an additional layer of defence against malware that specifically targets online banking sessions. It silently protects data exchanged during web banking sessions including usernames, passwords, and account information against crimeware."
"With 2.4 million downloads of Rapport in only a few months, our customers are confirming that security online is as important to them as it is to us." According to Nick Staib, digital security manager at HSBC Bank plc, "Trusteer's focus on new malware targeting our customers, and their agile responsiveness to these threats, are just two of the reasons why both we and our customers are much safer banking online after downloading Rapport. We need to keep several steps ahead of fraudsters and offering Rapport to our customers has helped us achieve this."
"Silon, DBJP, and other regional financial malware have been identified through Trusteer's Flashlight service, and analysis and investigation results have been shared between participating banks," said Amit Klein, CTO of Trusteer and head of the company's research organization. "If a bank in a specific region experiences fraud from a new piece of regional malware there is an 80% chance that other banks in the same region will experience in the near future similar losses from this malware."
Trusteer, the world's leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables banks and online businesses to protect sensitive data such as account holder credentials from malware by locking down the browser and creating a tunnel for safe communication between the web site and customers' machines. It also prevents phishing by validating site authenticity. Trusteer Flashlight allows remote, effective, and instant investigation of malware-related fraud incidents. Trusteer's solutions are used by more than 60 leading financial organizations in North America and Europe and by more than 7 million of their customers. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. For more information visit www.trusteer.com.