The trojan money spinner presented at Virus Bulletin 2007

by Mika Stahlberg (F-Secure)

Tags: Security


Summary: It is obvious that as more and more money moves online, criminals who want to steal that money are moving online as well. Since banks no longer have large sums of money in their vaults and bank robbery has several inherent risks to it, criminals have found a lucrative and much lower-risk business in online crime. Email-based phishing has been the first echelon of this change, but the situation is already changing again.

Online banks have begun to improve their security and authentication methods. This will greatly reduce the effectiveness of phishing that is based on emails and fraudulent sites. There is a clear demand in the world of crime for better solutions. The second echelon of online bank fraud is banking trojans. These trojans infect the computer of an online bank customer. The trojan therefore has visibility into everything the customer does and can use his authenticated banking session to steal his money. Also, a key difference from email-based phishing is that the victim is doing nothing wrong; he is just going to his bank and doing his business, as he should.

These attackers are making a lot of money. Relatively few of them are caught, so the problem is only going to get worse. To better understand this problem and its size, we have implemented a new tool for analysing banking trojans. We have run this tool on thousands of recent malware samples to get an idea of how common these banking trojans are, what the current trends are, what the geographical distribution of this problem is, and what the targets are. This paper presents our findings.