Attackers Take Trojans to the Bank

Rapidly mutating malware threatens to overwhelm its financial services targets

Terry Sweeney, Contributing Editor

February 5, 2007

2 Min Read
Dark Reading logo in a gray background | Dark Reading

SAN FRANCISCO -- RSA Conference -- Mobility, money, and malicious intent have formed a toxic brew, a researcher at Kaspersky Lab said yesterday on the eve of the security conference here. And it's a mix that threatens banks and their customers alike.

Cybercriminals are targeting financial services and consumer banking customers, which is no great surprise, acknowledged Eugene Kaspersky, head of research and development for the international antivirus vendor. But "bank Trojans," in particular, he told Dark Reading, have recently demonstrated more malevolence and effectiveness, threatening to overwhelm antivirus researchers and the methods they use to shut down such malware.

Each copy of these financial mutants "is different to avoid signature detection, which takes up large amounts of time and resources," Kaspersky said. There's been "huge growth" in this malware sector, and cybercriminals are increasingly using "anti-antivirus wares" with positive results, he added.

"We don't have a mutation engine in our hands yet, but the hackers do. And more of them are starting to use it."

There's also a geographical vector to this malware. "Most banking Trojans come from Brazil and Spanish-speaking countries," Kaspersky observed. [Ed. note: We're sure Mr. Kaspersky knows they speak Portuguese in the land of samba and soccer, but we think we get his point.]

As famed safecracker Willie Sutton responded when asked why he robbed banks, "because that's where the money is." That logic continues to hold true nearly a century later, as thieves use technology -- instead of dynamite or tommyguns -- to crack open the vaults. (See Even Terrorists Hack for Cash, CyberGangs and Thieves: An Unholy Alliance, and Banking on Multifactor Authentication.)

The borderless aspect of the Internet makes detection, detention, and prosecution of such criminals extremely challenging as well, Kaspersky said. While such attackers may appear to be striking from Brazil one week, it might be Russia or China the next.

While it didn't address bank Trojans per se, Kaspersky Lab introduced a couple of new security products yesterday as well. One minimizes the damage that mobile users might inadvertently inflict on the network or the enterprise; another protects smartphones from malicious programs and unsolicited text messages. (See Kaspersky Intros New Products at RSA.)

— Terry Sweeney, Editor in Chief, Dark Reading

Read more about:

2007

About the Author

Terry Sweeney

Contributing Editor

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report.

In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights