This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Zeus and Citadel the biggest banking botnets of 2013

Share this article:

A new report from Dell SecureWorks' Counter Threat Unit (CTU) research team breaks down the biggest banking botnets from last year, and reveals that 900 financial institutions from around the globe have been targeted.

Zeus and Citadel the biggest banking botnets of 2013
Zeus and Citadel the biggest banking botnets of 2013

The report, which was released today, finds that Gameover Zeus (accounting for 38 percent of banking malware last year), Citadel (33 percent), Zeus (13 percent) and Shylock  (7 percent) are the most widely-used banking malware, and suggests that most of this activity is directed at financial institutions in the US.

As is to be expected, more than half of these Trojans focused on the 25 largest financial institutions, not only in the US but also in other mature markets like the UK, Germany, Spain, Italy, Canada and France.

However, what was arguably of greater interest was that these botnets are growing more complex, and are increasingly being used to target other financial groups.

Researchers said that there is increased activity from botnets like Zeus, IceIX and Citadel – the last of which are based on Zeus source code – sold on underground markets and added that most of these are increasingly complex, with many moving parts and different attack techniques. Zeus, for example, has been successful in the past after attackers used spam campaigns and drive-by-download attacks via different exploit kits.

From a detection point of view, many of these botnets are also taking different form. Dell SecureWorks says that some have sophisticated plugin-based engines, and others are described as “primitive yet effective”. Analysts continued that they can also vary in infrastructure from those that are built upon single command and control (C2) servers to those that rely on a decentralised peer-to-peer (P2P) network.

In addition to these increasingly sophisticated botnets, the report adds that many attackers are looking to attack banks and other financial institutions from unorthodox channels. 

For example, the firm says that targets have included commercial banks, credit unions, corporate finance and providers of corporate payroll services and stock trading. Attackers have even looked to breach social networks and dating portals.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.

NCA wants security pros to become cybercrime fighters

NCA wants security pros to become cybercrime fighters

The UK's National Crime Agency is on the hunt for cyber security professionals to "join the fight against some of the world's most significant cyber criminals" on salaries ranging from ...

GCHQ head says agency was 'never involved in mass surveillance'

GCHQ head says agency was 'never involved in ...

Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks".