Financial Trojans: Part 3

After reading the blog entries on financial Trojans that I have recently written, you might get the impression that Trojan horses are the only kinds of malicious code that attempt to obtain financial information to be used in identity theft attempts and other kinds of criminal activity. After all, we know that malware writers have become increasingly motivated to make money. Trojans are covert, making them ideally suited for the perpetrators’ purposes. Other types of malicious code such as viruses and worms are easy to detect and are thus not very well suited for financial fraud and identity theft. Despite this, however, other types of malicious code are also being used for the same purposes.

Believe it or not, financial worms have been spreading on the Internet for some time now. Worms are not well suited for financial theft and fraud attempts because once they infect a machine, they usually immediately start scanning IP address space to find other victims to infect, something that is very easy for anyone who uses intrusion detection, intrusion prevention, network monitoring, and other tools to discover. The best current example of a financial worm is Clampi, which obtains and uses domain-administrator credentials to log in to Windows domain controllers. It then copies itself to all computers on the domain, trying to obtain information from commercial Web sites. It also serves as a proxy server to anonymize the perpetrators’ activity when they log into stolen accounts. Despite the fact that this worm first surfaced approximately two years ago and that it is not all that covert, Clampi has reportedly resulted in widespread financial loss.

Another type of financial malware is financial spyware, of which Rebery is one of the best examples. Rebery is installed through exploitation of vulnerabilities in Web browsers when users visit a malicious Web site. Once it infects a system, it stays dormant until users connect to certain on-line banking or e-commerce sites. It then wakes up and starts stealing customer and transaction data, sending them to a Web site controlled by the perpetrator. To help the perpetrator figure out exactly what has transpired in a banking session, it even captures screen shots throughout the entire session. Furthermore, a considerable amount of rootkit functionality is built into this malware, enabling it to escape detection through normal means such as running anti-virus or anti-spyware tools.

So what does all this mean? If anything, financial Trojans and similar kinds of malware are going to become more prolific. Resulting losses for financial institutions as well as individual users are likely to soar to the point that financial institutions will be forced to provide technology that discovers and eradicates malicious code such as financial Trojans. But is it too late? Consider Robert Mueller, Director of the FBI. He recently announced that he will no longer use online banking after he almost fell for a clever phishing attempt. Users who have their financial and personal information stolen during financial transactions are likely to reach the same decision, as are those who hear of friends and family members who have experienced such incidents. One thing is sure—if security in such transactions does not get better before too long, online banking as we know it could very well become a thing of the past.
