OMEN
07-05-2010, 10:00 PM
Techworld.com - Cybercriminals are building country-specific botnets to target U.K. bank customers with dedicated malware, security company Trusteer Ltd. has reported.
The company identifies two pieces of malware -- the previously undetected Silon.var2 and the longer-established Agent.DBJP -- as the two bank Trojans being distributed by Zeus-based botnets using U.K.-infected PCs.
Silon.var2 now affects one in every 500 U.K.-based PCs connected to the Trusteer Flashlight system; that's 40 times higher than the rate of Silon.var2 infections detected in the U.S., according to Trusteer. Meanwhile, the security firm reports that Agent.DBJP affects one in every 5,000 U.K.-based PCs; again, that's a far higher rate of infection than Trusteer has detected in the U.S.
It's not clear whether these infection rates are partly a quirk of the Trusteer customer base, but it is clear that country-specific malware is now a defined strategy for the banking Trojan botnets, with the U.K. high on the hit list.
Although country-specific malware can apply to any country, the motivation for attacking banks and their customers in this way is to make detection harder. Global Trojan campaigns are easier to spot.
"Regional malware is not unique to the U.K.," said Trusteer CEO, Mickey Boodaei. "We've recently started analyzing financial malware in South Africa and identified targeted regional attacks [that] are rarely seen outside that region. Other regions -- such as Germany, for example -- also suffer from regional malware. The infamous Yaludle malware has been highly focused on the German market," he said.
Trusteer's motivation for researching malware outbreaks and issuing reports of its findings is to promote its Rapport browser plug-in. Rapport is designed to set up an encrypted link between banking sites and customers. The technology is already being used in the U.K. by HSBC, and it was itself recently and unsuccessfully targeted by malware writers trying to overcome its protection settings.
Bank Trojan writers have also launched attacks against online banking customers who use the Firefox browser, contradicting the out-of-date belief that Microsoft's Internet Explorer is the only browser that cybercriminals target.
The company identifies two pieces of malware -- the previously undetected Silon.var2 and the longer-established Agent.DBJP -- as the two bank Trojans being distributed by Zeus-based botnets using U.K.-infected PCs.
Silon.var2 now affects one in every 500 U.K.-based PCs connected to the Trusteer Flashlight system; that's 40 times higher than the rate of Silon.var2 infections detected in the U.S., according to Trusteer. Meanwhile, the security firm reports that Agent.DBJP affects one in every 5,000 U.K.-based PCs; again, that's a far higher rate of infection than Trusteer has detected in the U.S.
It's not clear whether these infection rates are partly a quirk of the Trusteer customer base, but it is clear that country-specific malware is now a defined strategy for the banking Trojan botnets, with the U.K. high on the hit list.
Although country-specific malware can apply to any country, the motivation for attacking banks and their customers in this way is to make detection harder. Global Trojan campaigns are easier to spot.
"Regional malware is not unique to the U.K.," said Trusteer CEO, Mickey Boodaei. "We've recently started analyzing financial malware in South Africa and identified targeted regional attacks [that] are rarely seen outside that region. Other regions -- such as Germany, for example -- also suffer from regional malware. The infamous Yaludle malware has been highly focused on the German market," he said.
Trusteer's motivation for researching malware outbreaks and issuing reports of its findings is to promote its Rapport browser plug-in. Rapport is designed to set up an encrypted link between banking sites and customers. The technology is already being used in the U.K. by HSBC, and it was itself recently and unsuccessfully targeted by malware writers trying to overcome its protection settings.
Bank Trojan writers have also launched attacks against online banking customers who use the Firefox browser, contradicting the out-of-date belief that Microsoft's Internet Explorer is the only browser that cybercriminals target.