This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Zeus and Citadel the biggest banking botnets of 2013

Share this article:

A new report from Dell SecureWorks' Counter Threat Unit (CTU) research team breaks down the biggest banking botnets from last year, and reveals that 900 financial institutions from around the globe have been targeted.

Zeus and Citadel the biggest banking botnets of 2013
Zeus and Citadel the biggest banking botnets of 2013

The report, which was released today, finds that Gameover Zeus (accounting for 38 percent of banking malware last year), Citadel (33 percent), Zeus (13 percent) and Shylock  (7 percent) are the most widely-used banking malware, and suggests that most of this activity is directed at financial institutions in the US.

As is to be expected, more than half of these Trojans focused on the 25 largest financial institutions, not only in the US but also in other mature markets like the UK, Germany, Spain, Italy, Canada and France.

However, what was arguably of greater interest was that these botnets are growing more complex, and are increasingly being used to target other financial groups.

Researchers said that there is increased activity from botnets like Zeus, IceIX and Citadel – the last of which are based on Zeus source code – sold on underground markets and added that most of these are increasingly complex, with many moving parts and different attack techniques. Zeus, for example, has been successful in the past after attackers used spam campaigns and drive-by-download attacks via different exploit kits.

From a detection point of view, many of these botnets are also taking different form. Dell SecureWorks says that some have sophisticated plugin-based engines, and others are described as “primitive yet effective”. Analysts continued that they can also vary in infrastructure from those that are built upon single command and control (C2) servers to those that rely on a decentralised peer-to-peer (P2P) network.

In addition to these increasingly sophisticated botnets, the report adds that many attackers are looking to attack banks and other financial institutions from unorthodox channels. 

For example, the firm says that targets have included commercial banks, credit unions, corporate finance and providers of corporate payroll services and stock trading. Attackers have even looked to breach social networks and dating portals.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

4% of Googlebots are fake and can launch attacks

4% of Googlebots are fake and can ...

Admins' fear of damaging their SEO gives malicious search engine bots a 'VIP pass' into sites.

Brit Lauri Love faces more US hacking charges

Brit Lauri Love faces more US hacking charges

Lauri Love, a 29-year-old British man from Stradishall in Suffolk, has been charged by a US court with hacking into multiple US government computers and stealing more than 100,000 employee ...

More questions than answers as BBC outage fuels DDoS talk

More questions than answers as BBC outage fuels ...

The British Broadcasting Corporation was hit by a prolonged outage on its website and iPlayer video-on-demand service (VOD) last weekend, raising questions about the cause and whether it was subjected ...