Technology company warns that UK banks are being targeted on a regional basis by malware

News - Banking

Written by Ray Clancy

Friday, 02 July 2010 09:45

UK bank customers are being targeted by criminals using regional specific malware aimed at stealing online banking details, it is claimed. A leading provider of secure browsing services is warning that the malware flies under the radar of most antivirus technology and detection rates are poor, anywhere between 0% and 20%, suggesting that many of these attacks go undetected.

Two pieces of regional malware targeted at UK banks have been detected by Trusteer. They are Silon.var2 which resides on one in every 500 computers in the UK compared to one in 20,000 in the US, and Agent.DBJP, detected on 1 in 5,000 computers in the UK compared to 1 in 60,000 in the US.

In addition, Trusteer has discovered two UK-specific Zeus botnets. Although Zeus is the most known piece of financial malware, the uniqueness of these botnets is that they only consist of UK based computers and only target UK based banks. Hence these variants are less likely to be detected by antivirus solutions, the provider warns.

Its works has discovered that to help avoid detection and maximize return on their effort, the criminals are using UK centric spam lists and compromised websites based in the UK to spread the malware that targets bank customers.

It is a problem that Trusteer expects to increase, predicting that in 2011 enterprises will experience significant losses as a result of regional malware which will replace some of the better known malware attacks.

‘This indicates a shift in financial criminal activity and requires some special attention from financial organizations. Unlike known malware kits such as Zeus, Torpig, and Ambler which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors, regional financial malware such as Silon.var2 and Agent.DBJP are highly targeted,’ said Mickey Boodaei, chief executive officer of Trusteer.

‘In the UK, each campaign would usually focus on three to seven banks and target them for a period of six to nine months and then morph and change the list of targets, using a new more advanced version of the malware,’ he explained.

The UK is not the only country being targeted on a regional basis, the company has found. It has detected similar situations in South Africa and Germany. The infamous Yaludle malware has been highly focused on the German market, for example.

Trusteer is urging banks in the same region ought to work together, share information, and proactively try to identify and target regional malware. ‘Banks should actively investigate regional malware in order to understand how the malware works and how it can be stopped by shutting down its command and control servers. They can also identify mule accounts and money transfers and use law enforcement agencies to track down the criminals. And eventually they could feed this information to antivirus vendors to increase coverage against regional malware,’ said Boodaei.

‘Silon, DBJP, and other regional financial malware have been identified through Trusteer's Flashlight service and analysis and investigation results have been shared between participating banks,’ said Amit Klein, head of the company’s research organisation.

‘If a bank in a specific region experiences fraud from a new piece of regional malware there is an 80% chance that other banks in the same region will experience in the near future similar losses from this malware,’ he added.