Banking malware detected with very little anti-virus interception

Malware that specifically targets online banking users and has very low detection rates has been found.

Trusteer, producer of the Rapport web page security software, said that cyber criminals are using region-specific malware, which is undetected by most anti-virus technology, to steal people's online banking credentials and commit fraud. It claimed that detection rates for this regional malware are between zero and 20 per cent.

It claimed that the malware, named Silon.var2 and Agent.DBJP, resides on one in every 500 computers and on one in every 5,000 computers in the UK respectively.

Mickey Boodaei, CEO of Trusteer, said: “Unlike known malware kits such as Zeus, Torpig and Ambler which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors, regional financial malware such as Silon.var2 and Agent.DBJP are highly targeted.

“In the UK, each campaign would usually focus on three to seven banks and target them for a period of six to nine months and then morph and change the list of targets, using a new more advanced version of the malware.”

Trusteer is now calling on banks in the same region to work together, share information and proactively try to identify and target regional malware. It claimed that banks should actively investigate regional malware in order to understand how the malware works and how it can be stopped by shutting down its command and control servers.

Trusteer CTO Amit Klein said: “Silon, DBJP and other regional financial malware have been identified through Trusteer's Flashlight service and analysis and investigation results have been shared between participating banks.

“If a bank in a specific region experiences fraud from a new piece of regional malware there is an 80 per cent chance that other banks in the same region will experience in the near future similar losses from this malware.”
