Online Banking Malware Eludes Detection and Infects More than Two Thirds of Machines
NEW YORK, Sep. 16, 2009 - Trusteer, the customer protection company for online businesses, reported today that the Zeus online banking Trojan infects machines that are running up-to-date anti-virus programs up to 77 percent of the time. These findings are based on a sample of more than 10,000 users of the Rapport browser security service, whose machines were infected with the Zeus Trojan.
Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the Internet today. It infects consumer PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.
The report released today by Trusteer found that the majority of Zeus infections occur on machines which have an installed and up-to-date anti-virus product. Specifically, Trusteer found that among Zeus infected machines:
The full report is available at http://www.trusteer.com/files/Zeus_and_Antivirus.pdf
“When we set out to measure the efficiency of antivirus products in the wild against Zeus, we had no idea what kind of results we would get,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “The findings, that up-to-date anti-virus programs were only effective at blocking Zeus infections 23 percent of the time, are disturbing. This is bad news for consumers and banks, since the vast majority of Zeus infections are going unnoticed.”
Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.
Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects users' PII even if their computer is infected with malware including Trojans and keyloggers, or is victimized by pharming or phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com.
Editorial Contact:
Trusteer
Marc Gendron
(781) 237-0341
marc@mgpr.net