Banking malware 'a growing threat', as new variant of Zeus is detected

News by Dan Raywood

Malware that steals users' identity and empties their bank accounts has been cited as a growing threat to Britain.

According to Parliament's Science and Technology Select Committee report, which was released this week, a lack of awareness is to blame and it called for greater use of the Get Safe Online website.

The report claimed that infection with malware takes cyber crime to a different level as "experts use their technical skills to, among other things, take over computers worldwide to steal bank details and identity information".

It also claimed that Dr Richard Clayton, research assistant at the University of Cambridge who was involved in gathering the research, did not believe it was possible to bring the population up to the level of technical knowledge required to defend itself; instead we needed to "rely on those who make the software to adapt it in such a way that you no longer need to read the URL in order to be safe".

Graham Cluley, senior technology consultant at Sophos, said: “I strongly believe that greater awareness and education regarding internet threats is an essential part of fighting the problem, and it's encouraging to see the committee's report not only back this idea, but also recommend that messages need to be customised carefully for the different generations of people using the net.

“Simple, easy-to-understand language is by far the best way to help computer users understand how to protect themselves online, and we are keen supporters of the government-backed Get Safe Online website. A key challenge, however, for sites and resources like this is that they tend to be known about only by those already involved in IT security, rather than the average person in the street. The only way to change this is by a properly funded broad awareness campaign.”

Denis Sennechael, vice-president EMEA, sales and operations, at Axway, said: “Some of the most recent estimates reckon that online crime costs UK businesses £21bn every year, with IP theft accounting for almost half of that at £9.2bn. This is an extraordinarily large sum of money to leak out of businesses through online crime, highlighting the importance of the report, which urges the Government to do more to make simple security measures easy to understand.

“While many people would assume that their corporate IT security keeps their system, and everything they use it for, safe, the biggest risk to corporate security is most often human error. Cyber criminals and hackers are well aware of this and target individuals with phishing attacks and other scams in order to take advantage of the weak links.

“More often than not, after having the right tools in place, education is the most important and effective defence against criminals. It would be a massive step and a big help for the Government to take the lead on this, as most of the simple things that people can do at home to defend themselves from risks apply equally to the workplace.”

A report released this week by Trusteer revealed just how adept banking Trojans have become at intercepting personal information. It said that a new variant of the Zeus Trojan allows attackers to divert calls from a bank that were intended for a customer to attacker-controlled phone numbers, which criminals use to execute fraudulent transactions.

Amit Klein, CTO of Trusteer, said Ice IX is a modified variant of the Zeus financial malware platform and it is targeting online banking customers in the UK and US.

In one attack captured by Trusteer researchers, the malware stole the victim's username and password at the login stage, as well as their memorable information/secret question answer, date of birth and account balance. Then the victim was asked to update their phone numbers of record (home, mobile and work) and select the name of their service provider from a drop-down list.

The victim was then urged by the malware to submit their telephone account number; the attacker justified this request by stating the information was required as a part of a verification process caused by "a malfunction of the bank's anti-fraud system with its landline phone service provider".

Klein said: “Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank. This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user.”

