Online banking users targetted by regional malware

Detection rates for the regional malware, explains Trusteer, are between zero and 20%.

Two pieces of regional malware have been seen – Silon.var2, which resides on one in every 500 computers in the UK compared to one in 20 000 in the US, and Agent.DBJP, which has been detected on 1 in 5000 computers in the UK compared to 1 in 60 000 in the US.

In addition, Trusteer says it has discovered two UK-specific Zeus botnets. Although Zeus is the most known piece of financial malware, the firm says that the uniqueness of these botnets is that they only consist of UK-based computers and only target UK-based banks.

As a result, the company says these variants are less likely to be detected by anti-virus solutions.

Mickey Boodaei, Trusteer's CEO, said that the arrival of this regional malware indicates a shift in financial criminal activity and requires some special attention from financial organisations.

"Unlike known malware kits such as Zeus, Torpig, and Ambler which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors, regional financial malware such as Silon.var2 and Agent.DBJP are highly targetted", he explained.

In the UK, each campaign would usually focus on 3 to 7 banks and target them for a period of 6 to 9 months and then morph and change the list of targets, using a new more advanced version of the malware", he added.

Boodaei went on to say that regional malware is not unique to the UK. "Other regions such as Germany, for example, also suffer from regional malware. The infamous Yaludle malware has been highly focussed on the German market", he said.

In order to fight the problem, regional malware Trusteer recommends banks work together, share information, and pro-actively try to identify and target regional malware.They should also actively investigate regional malware in order to understand how the malware works and how it can be stopped by shutting down its command and control servers.


What’s Hot on Infosecurity Magazine?