New financial malware targeting bank customers

Bank customers are being targeted by criminals using regional specific malware that flies under the radar of most antivirus technology to steal peoples online banking credentials and commit fraud. Detection rates for regional malware are between zero and 20%, suggesting that the majority of these attacks go undetected.

Two pieces of regional malware targeted at UK banks have been detected by Trusteer; Silon.var2 which resides on one in every 500 computers in the UK compared to one in 20,000 in the US, and Agent.DBJP, detected on 1 in 5000 computers in the UK compared to 1 in 60,000 in the US.

In addition, Trusteer has discovered two UK-specific Zeus botnets. Although Zeus is the most known piece of financial malware, the uniqueness of these botnets is that they only consist of UK-based computers and only target UK-based banks. Hence these variants are less likely to be detected by antivirus solutions.

To help avoid detection and maximize return on their effort, the clever criminals are using UK centric spam lists and compromised websites based in the UK to spread the malware that targets bank customers.

“Regional malware is not unique to the UK”, explains Mickey Boodaei, Trustreer CEO. “We’ve recently started analyzing financial malware in South Africa and identified targeted regional attacks as well, which are rarely seen outside that region. Other regions such as Germany for example also suffer from regional malware. The infamous Yaludle malware has been highly focused on the German market”