October 27th, 2008

A peek inside the bank malware epidemic

Posted by Ryan Naraine @ 12:16 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Malware, Passwords, Pen testing, Privacy, Punditocracy, Spam and Phishing, Viruses and Worms

Tags: Bank, Financial, Malware, Attack, Schouwenberg, Spyware, Adware & Malware, Cyberthreats, Financial Accounting, Security, Viruses And Worms

My colleague at Kaspersky Lab Roel Schouwenberg (see disclosure) has written a very interesting piece on the banker malware landscape, warning that attacks against financial institutions will get much more targeted and sophisticated.

Schouwenberg’s Attacks on Banks paper takes a close look at how malicious programs targeting financial institutions are designed to evade anti-malware and examines how phishing and money mules serve as the hub for global identity theft attacks.

Some important highlights:

• More sophisticated banker malware will use a MitM [man-in-the-middle] attack; this not only enables cyber criminals to attack more banks, but also ensures a higher return, as data is processed in real time. A MitM attack uses a malicious server to intercept all traffic between the client and the server i.e. the customer and the financial organization. Although everything will seem normal to the user, when s/he is asked to authorize a transaction, s/he is actually authorizing a transaction created by the cyber criminal. Malware which uses a MiTM attack typically either hides browser notifications about false web site certificates or, more commonly, shows a fake notification.
• With cyber criminals remaining eager to maximise their returns and remain at liberty, they have been examining other ways of conducting attacks. Thus, we are now seeing an increase in so-called next generation financial malware - Man-in-the-Endpoint (MitE).
• The increased usage of two-factor authentication by financial organizations has resulted in an increase in malware capable of defeating this type of authentication. This means that the eventual adoption of two-factor authentication will not have any significant long-term effect. It will simply raise the benchmark for financial malware.

Read the full report here.
* Image source: The akaalias Flickr photostream (Creative Commons 2.0)