Trusteer spots new trend in SpyEye/Zeus code development: webinjects

According to the in-browser web security specialist, webinjects are now being offered for sale or rent on open internet forums, effectively allowing anyone with a bit of spare cash to use them for fraudulent purposes.

Trusteer, which collates data anonymously from the many millions of online banking service users that have installed its Rapport browser plug-in, says that webinjects are malware configuration directives that are used to inject rogue content in the web pages of bank websites. They are then used to steal confidential information from the institution’s customers.

The security software firm says that, from the advertisements its research team have seen, there are multiple targets, including British, Canadian, American, and German banks. The price of a single webinject code unit starts at $60.00, ranging up to $740.00 for a US pack and $800.00 for a UK pack.

According to Amit Klein, Trusteer's CTO, cybercriminals have been busy developing webinjects for Zeus and SpyEye to orchestrate and develop malevolent attacks against certain banks.

Shrewd developers, says Trusteer, are earning a decent income from selling the Zeus/SpyEye webinjects service to an increasingly diverse customer base. The most interesting element is that they’re not too bothered whether the customer has the skills to use it.

In fact, notes Klein, they’d probably prefer they didn’t, as the developers have gone to the trouble of obfuscating the Zeus/SpyEye webinjects, not because they want to confuse malware researchers, but to try and prevent piracy of their software.

“That means, ironically, that these criminals are actually taking steps to protect their own intellectual property. I suppose they have to do something as they can’t resort to litigation”, he said, adding that, since webinjects cannot be modified by the customer, if they need localization for a specific country and language, this can only be carried out by the developers.
