Between January 2005 and August 2006, PandaLabs detected the appearance of 6,995 new and unique banker Trojans. The biggest increase took place between February and March 2005, when the number rose from 66 to 378 examples. Since then, with only the odd exception, there have been over 200 new examples every month.
And the trend is upward: between January and August 2005, there were 2,468 new Trojans, while during the same period in 2006, 3,086 were detected, an increase of 25 percent.
There are specific Trojans for almost every financial entity offering online banking services, so this is not just an isolated problem affecting a handful of users.
Banker Trojans are designed specifically to intercept users’ attempts to log in to online banking services and to steal their confidential data: user names, passwords, PINs, account and credit card numbers, etc., which are then used for all types of crime, including online fraud and identity theft. Most Trojans in circulation are part of this panorama, which is particularly dangerous for users who make financial transactions over the Internet.
One clear example of the interest among cyber-crooks in this type of malicious code is the scam involving the sale of customized versions of the Briz Trojan, which was dismantled a few months ago by PandaLabs. This involved a complex system of creating and selling à la carte malware designed to steal personal and confidential information as well as to go undetected by traditional antivirus solutions. Up until the scam was neutralized, the Trojans created were able to gather up to 2,033 files with 70.6MB of data. Of these, 62MB were text files, equivalent to 62,000 printed pages of confidential information.
At the same time, the creators of these Trojans are adding new functionality to their creations to make them even more effective. For example, the recently detected Banbra.DCY Trojan is specifically designed to capture video of login details entered on ‘virtual keyboards’ (where users enter their passwords through mouse clicks on the on-screen image of a keyboard).
Moreover, banker Trojans carry an added danger: they are nearly always distributed without users realizing. The techniques used include targeted attacks against specific users or groups using personalized social engineering or exploiting software vulnerabilities that allow malicious code to be secretly downloaded when users visit certain web pages.
According to Luis Corrons, director of PandaLabs: “The concept of a virus epidemic has changed radically with the new malware dynamic in which easy money is the only aim. There is a silent epidemic currently plaguing the Internet and it is not caused by a single virus, but by thousands circulating with the same objective: cybercrime.”
Given the amount and variety of banker Trojans in circulation, as well as other threats that are secretly installed on computers, Panda Software has taken the step of elevating the status of the global Internet threat level to Orange, to ensure that users take the necessary precautions to prevent falling victim to these silent attacks.