Black Hats target financial services in Q1 2011

Ross O. Storey | April 26, 2011
Ten variants of Zeus malware steal information from mobile, email and social media platforms, some even bypassing banks’ two-factor authentication.

Banks and financial institutions have been popular targets for cyber-criminals in the first quarter of 2011, according to the latest crimeware report by security specialist Trend Micro.

The Trend Micro crimeware report for Q1 2011 found that seven of the top 10 cybercrime targets on its list were banks and financial transaction platforms (see table below).

These included established banks such as HSBC Holdings, Australia and New Zealand Banking Group Limited (ANZ), Lloyds TSB Bank, Banco Santander, S.A., and Western Union Bank.

Sites like PayPal, eBay and Pharmacy Express were also in the top 10 list of cybercrime targets for both email phishing and site-spoofing attacks, as were platforms like Facebook and Yahoo!.

The report said that changing lifestyles and the increasing information exchange on social media sites like Facebook, plus growing financial transactions through online and mobile platforms, have been found to be key vulnerabilities.

ZeuS malware active

Key malware incidents this quarter involved the notorious ZeuS malware and its more than 10 variants that were used primarily as information stealing tools impacting mobile, email and social media platforms.

The report also found new and improved ZeuS toolkit versions able to bypass the two-factor authentication measures banks commonly use to protect their clients.

"To do so, the malware monitors an affected user's text messages and forwards relevant ones to a remote user," states the report. "This allows cybercriminals to get hold of the authentication codes banks send to users. Obtaining these codes allows the cybercriminals to access and steal from affected users' bank accounts."

TrendLabs engineers said blackhats also targeted organizations that relied on Automated Clearing House (ACH) systems.

"Spammed messages urged recipients to click a link to a site in order to obtain more details regarding a supposed rejected transaction," the report said. "To obtain the promised information, however, the users were prompted to download a Java update, which was actually an exploit kit (detected as PE_LICAT.SM-O).

.EXE files infected

"The malware then infects .EXE files currently running on affected systems, turning these into PE_LICAT.SM, which were designed to randomly generate and access certain domains in order to download more malware."

Trend Micro expects cybercriminals to increasingly target mobile device users, including by bypassing two-factor authentication measures.

"The fact that the majority of mobile online banking users still lack awareness of the threats this poses, only increases the likelihood of such risks," the report stated.

QAKBOT revamped

Trend Micro said that ZeuS was not the only threat banks and other financial institutions faced this quarter. A third-generation QAKBOT worm, as well as the Tatanga and other banking Trojans, also reared their ugly heads in the past three months.

