Banking Trojans Surge in Q3

The third quarter of 2013 saw the number of online banking trojans detected reach record levels

According to Trend Micro’s latest malware status check, three countries – the US (23%), Brazil (16%) and Japan (12%) – accounted for more than half of these infections:

“A large portion of online banking malware infections were due to ZeuS/ZBOT Trojans. ZeuS/ZBOT variants were, in fact, the most distributed malware by spam this quarter. New ZBOT variants emerged, specifically KINS malware, which came armed with anti-debugging and anti-analysis routines. And Citadel variants continued to plague Japan, particularly targeting financial institutions and varied webmail services like Yahoo! Japan and Gmail, among others.”

Outside of banking trojans, Conficker remained the top malware this quarter, and adware packaged with fake software offers continued to victimize Internet users. Although Conficker remained the top malware, its number of infections decreased to 345,000 from last quarter’s 509,000, possibly due to the number of users who upgraded operating systems in light of the impending end of support for Windows XP.

Speaking of which, the quarter also showed that Java 6 has become a permanent threat – an object lesson for Windows XP users – according to the report, titled The Invisible Web Unmasked.

“Older, unpatched versions of software have always posed serious security risks,” Trend Micro said in a blog. “This was shown when a new exploit targeting a vulnerability in Java 6 was seen. This came after Oracle officially declared Java 6’s end-of-life (EOL), highlighting the risks of using EOLed software that will no longer receive patches.”

Thus, this serves as a potential preview of what will happen next year, when Windows XP – still in use in many systems and networks all over the world – is officially cut off when it comes to updates and support by Microsoft.

In the good news column, Q3 shined the spotlight on parts of the hidden internet that would have preferred to remain hidden. “Services favored by cybercriminals such as the digital currency Liberty Reserve and the online marketplace Silk Road were shut down during the quarter,” the company noted in a blog post. “And right after the quarter ended, the notorious creator of the Blackhole Exploit Kit, Paunch, was arrested as well, severely curtailing related spam campaigns.” (Infosecurity notes that a second version of Silk Road was brought online about one month after it was taken down by the FBI.)

Despite these steps, however, cybercrime continued to grow during the quarter, including (or should we say “especially”) on the mobile side. The company had previously predicted that the number of high-risk and malicious Android apps would exceed 1 million sometime in 2013 – which happened in the third quarter.

“Premium service abusers remained the most common threat,” Trend Micro noted. “These sign up users for paid ‘premium services’ without their consent, and highlight how mobile malware has become mainstream, continuously growing and affecting more users around the world.”

As a sign of the growing maturity of mobile platforms, a major vulnerability was found in Android with correspondingly serious risks. The so-called “master key” vulnerability allowed an attacker to “update” a legitimate app with a malicious version.
