The New Malware Landscape

Motivated. Targeted. Talented.
All the qualities you do not want to find in an enemy.

It used to be script kiddies and bored virus writers who wreaked havoc on innocent Internet users just for fun. Today, organized crime, powered by groups of professional hackers, is building an army of bots armed with sophisticated, state-of-the-art online weapons. Their target is clear: steal money from users who transact online. Banks, brokerages, and leading online retailers are on the target list.

"A Trojan dubbed Silentbanker targets more than 400 banks including the household names in the U.S. and other financial institutions abroad and hangs in the background to intercept transactions with two-factor authentication"
ZDNet January 2008

Silentbanker is not alone: 250,000 different types of malware were found in 2007, equivalent to the total from the previous 20 years! Fraudsters operate highly sophisticated labs and automation systems that are capable of generating new malware every second. Their level of control and productivity is far beyond imagination.

“Malware Quietly Reaching 'Epidemic' Levels. New reports say malware increased by a factor of five to 10 in 2007. In separate studies two research firms now say that malware increased between 500 percent and 1,000 percent in 2007, and it shows no signs of slowing down.”
Dark Reading, January 2008

Recent malware in the wild has proved capable of bypassing the most advanced two-factor authentication and security controls deployed by online banks. At Trusteer labs we have identified malware that bypasses device identification, hardware and software tokens, client-side certificates, SMS authentication and transaction verification, and even card readers, which are considered the most secure form of transaction verification.

“A new class of malicious software contains a feature specifically designed to thwart online security technology implemented by many financial institutions that allow their customers to monitor and make changes to their accounts via the Internet.”
Washington Post, December 2007

Desktop security software in the form of antivirus and personal firewalls is useless against these new types of financial malware, even though many banks distribute it through their Websites.

“Malware Evolving Too Fast for Antivirus Apps: Bad guys use sophisticated testing to create malware that can evade even the best security programs. In our tests of how well security software blocks unknown malicious programs, the best performer detected only one in four new malware samples.”
PC World, December 2007

"The reality is that most new malware is going undetected by commercial security products, and not just Symantec's, but we have to recognize that like all other AV products we are probably missing a sizeable amount of this malware,"
Carey Nachenberg, Symantec Research Labs, December 2007

Fraudsters are extremely efficient at distributing malware to millions of desktops by compromising millions of legitimate Websites and forcing them to serve malware to their visitors. Yahoo!, Google, and Bank of India are just a few of these Websites. Leading antivirus vendors now claim that more than 50% of desktops are infected with malware!

“2M New Websites a Year Compromised to Serve Malware”
Slashdot, January 2008

While the online criminal community is putting a tremendous effort into building a widespread, fully controlled, and highly sophisticated malware-based infrastructure, many banks are waiting for the problem to grow and cause significant fraud losses before they start building their malware prevention strategy. By doing so, banks are creating the perfect environment for fraudsters to build an unbeatable army ready for their command. When this army accurately strikes a specific bank, recovery will be long, expensive, and painful.
