This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Zeus and Citadel the biggest banking botnets of 2013

Share this article:

A new report from Dell SecureWorks' Counter Threat Unit (CTU) research team breaks down the biggest banking botnets from last year, and reveals that 900 financial institutions from around the globe have been targeted.

Zeus and Citadel the biggest banking botnets of 2013
Zeus and Citadel the biggest banking botnets of 2013

The report, which was released today, finds that Gameover Zeus (accounting for 38 percent of banking malware last year), Citadel (33 percent), Zeus (13 percent) and Shylock  (7 percent) are the most widely-used banking malware, and suggests that most of this activity is directed at financial institutions in the US.

As is to be expected, more than half of these Trojans focused on the 25 largest financial institutions, not only in the US but also in other mature markets like the UK, Germany, Spain, Italy, Canada and France.

However, what was arguably of greater interest was that these botnets are growing more complex, and are increasingly being used to target other financial groups.

Researchers said that there is increased activity from botnets like Zeus, IceIX and Citadel – the last of which are based on Zeus source code – sold on underground markets and added that most of these are increasingly complex, with many moving parts and different attack techniques. Zeus, for example, has been successful in the past after attackers used spam campaigns and drive-by-download attacks via different exploit kits.

From a detection point of view, many of these botnets are also taking different form. Dell SecureWorks says that some have sophisticated plugin-based engines, and others are described as “primitive yet effective”. Analysts continued that they can also vary in infrastructure from those that are built upon single command and control (C2) servers to those that rely on a decentralised peer-to-peer (P2P) network.

In addition to these increasingly sophisticated botnets, the report adds that many attackers are looking to attack banks and other financial institutions from unorthodox channels. 

For example, the firm says that targets have included commercial banks, credit unions, corporate finance and providers of corporate payroll services and stock trading. Attackers have even looked to breach social networks and dating portals.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

NATO members to get cyber war protection

NATO members to get cyber war protection

Nato cyber defence policy to declare that a cyber attack on any one member country is an attack on them all.

Turn off WPS on routers for WiFi security

Turn off WPS on routers for WiFi security ...

A Swiss researcher is advocating turning off WPS to secure routers after finding a flaw that eliminates the randomness of codes generated by some routers when WPS is switched on...