Trusteer introduces real-time malware analysis technology

The Trusteer service – Flashlight – is designed to allow banks to perform remote forensic investigations on customers' machines to detect the source of electronic fraud and so help prevent future attacks.

Central to the Flashlight service is the use of anonymous pooled data from Trusteer's Rapport browser plug-in software that is currently being offered as a free download to customers of banks such as HSBC, Natwest/RBS and the Santander Group, formerly known as Abbey National and Alliance & Leicester.

In use, Flashlight is billed as being capable of identifying the attack source on a customer's machine, gathering samples, and then reverse engineering the mechanism used by the malware to commit the banking fraud.

The nett result, Mickey Boodaei, Trusteer's CEO, told Infosecurity, is that the findings allow banks and similar organisations to help prevent future losses, block subsequent attacks, and take down command/control botnet servers in short order.

Boodaei, who is speaking at the e-Crime Congress event taking place in London today, says that his firm's research has revealed a particularly nasty piece of malware called Silon, which intercepts e-banking users' data sessions in real time and inserts data dynamically for maximum fraudulent results.

According to Trusteer, online e-banking fraud involving the electronic transfer of funds has been on the rise since 2007 and soared by more than 50% to reach £39 million in the first half of 2009.

Trusteer's CEO says that, in order to protect customer bank accounts from being victimised, financial institutions are faced with the daunting task of identifying malware variants, analysing them, and using the findings to mitigate future losses.

Acquiring this data from customer computers, he says, is a complex and labour-intensive process, as well as being an Internet-sized challenge.

This is where Flashlight enters the frame, since it allows banks to respond to online threats in real time and take action.

"Using our Rapport plug-in allows the users' e-banking sign-on process to be secure", said Boodaei, who added it is down to the banks to make the process as secure – and as easy – as possible.

"Solutions must be developed that do not run against the user experience. Rapport and Flashlight is one such solution as the data from the users' browser – on an anonymous basis – flows back to Trusteer and the bank, allow[ing] everyone to see when something is wrong", he explained.

Following an analysis, under Flashlight, the financial institution receives a full report on the malware, the complete source code for future reference, and detailed recommendations on how to detect and block future attacks.

In addition, says Boodaei, Trusteer reports the malware to all desktop security vendors for industry-wide protection, performs ongoing analysis of associated botnet command-and-control servers, and submits them to takedown services.
