Trusteer Flashlight Provides Malware Analysis And Remediation For Financial Institutions

Remote fraud investigation service identifies the attack source on a customer's machine

March 13, 2010

3 Min Read


LONDON, March 15, 2010 "Trusteer, the leading provider of secure browsing services, today announced Trusteer Flashlight. This new remote fraud investigation and mitigation service identifies the attack source on a customer's machine, gathers samples, and can reverse engineer the mechanism used by the malware to commit fraud. Findings enable banks and other organizations to prevent future losses, block subsequent attacks, and takedown command/control servers.

Trusteer also announced today that CEO Mickey Boodaei will present a session on 'Financial Malware in the UK " New techniques for Defense' at the e-crime congress 2010 on March 16 at the Victoria Park Plaza Hotel in London. His presentation will reveal findings from reverse engineering performed by Trusteer's research organization on the Silon financial Trojan which targets UK-based financial institutions.

Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over US$120 million in the third quarter of 2009, according to estimates presented at the recent RSA Conference in San Francisco by the U.S. Federal Deposit Insurance Corporation. Almost all of the incidents reported to the FDIC related to malware on online banking customers' PCs. In the UK the situation is similar with online banking fraud losses up 55% to £39m in first half of 2009 according to Financial Fraud Action UK (formerly the anti-fraud unit of banking payments association APACS).

In order to protect customer bank accounts from being victimized, financial institutions are faced with the daunting task of identifying malware variants, analyzing them, and using the findings to mitigate future losses. Acquiring this data from customer computers is complex, labor intensive and an Internet scale challenge.

Trusteer Flashlight: Bringing Malware into the Open

To enable financial institutions to respond in real-time to financial fraud, the Trusteer Flashlight service can instantly initiate a remote investigation into an attack. The affected customer simply needs to install Trusteer's Rapport desktop forensic and protection software, which immediately identifies the malware, or in the case of an unidentified variant, detects suspicious malware behavior and lifts a sample or samples from the computer. These are then examined and reverse engineered by Trusteer's fraud and malware experts to identify the mechanism used to commit fraud.

Following the analysis, the financial institution receives a full report on the malware, the complete source code for future reference, and detailed recommendations on how to detect and block future attacks. In addition, Trusteer reports the malware to all desktop security vendors for industry-wide protection, performs ongoing analysis of associated command and control servers, and submits them to takedown services. Trusteer Flashlight includes ongoing consulting by Trusteer's security experts to help mitigate future threats.

"Financial institutions and their customers are being targeted by purpose built malware variants designed to evade detection and commit online fraud specifically against their brand," said Amit Klein, CTO of Trusteer. "The Trusteer Flashlight service enables banks to counter strike these targeted attacks. By performing a forensic investigation on the victimized computer, Trusteer rapidly provides financial institutions the information they need to mitigate any additional financial losses from a zero day malware variant."


Trusteer Flashlight is available immediately from Trusteer and its business partners worldwide as part of the Rapport offering, as an add-on module, or as a standalone solution.

About Trusteer

Trusteer enables online businesses to secure communications with their customers over the Internet and protect personally identifiable information (PII) from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects customers' PII from malware including Trojans, keyloggers, and pharming and phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights