Feeds

Computer forensics tool for banks aims to trace Trojans

CSI UK High Street

SANS - Survey on application security programs

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client's PC has been infected with malware following incidents of suspected fraud.

The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a possibly compromised computer. The service can also be used to collect samples, identify cybercrime command servers and block further attacks.

Mickey Boodaei, Trusteer's chief exec, came to London to launch the service and present a session on financial malware at the e-crime congress on Tuesday. Early trials with the technology have revealed that 90-95 per cent of cybercrime attacks blamed on banking Trojans in the UK can be traced back to one of three malware families: Zeus, Silon (a UK-specific strain of Trojan) and Yaludle.

One in 100 PCs in the general population are infected with a strain of Zeus compared to one in 350 with Silon. Despite its deep penetration and role in fraud only one in 42 anti-virus scanner packages detects Silon, Boodaei told El Reg. "Silon spreads using a mixture of drive-by-downloads attacks, often taking advantage of unpatched vulnerabilities, and spam."

In the UK, at least, the infamous Zeus Trojan largely targets the online banking accounts of consumers. Over in the US, by contrast, Zeus is largely used to compromise corporate account. A second Trojan, Torpig, is commonly used in US banking scams but relatively rare in the UK.

Trusteer, whose main line of browser lock-down technology Rapport is offered as a voluntary download by 50 banks worldwide including NatWest and HSBC in the UK, developed Flashlight in a bid to help its financial service customers to stem a growing problem.

Online banking fraud involving the electronic transfer of funds rose to more than $120 million in the third quarter of 2009, according to estimates by the US Federal Deposit Insurance Corporation. In the UK online banking fraud losses hit £59.7m ($90.7m) in 2009, according to the latest official stats from Financial Fraud Action UK (formerly the anti-fraud unit of banking payments association APACS).

Shine a light

Fraud victims will be invited to install Trusteer's Rapport desktop forensic and protection software, which will attempt to identify the malware strain involved in a suspected fraudulent loss. "The technology looks at interactions that try to manipulate the browser and associates these with malware," Boodaei explained.

In the case of a previously encountered threat, the technology detects suspicious behavior and obtains a sample of suspect code. These samples are then analysed (examined and reverse engineered) by Trusteer's fraud and malware experts to identify the mechanism used to commit fraud. Samples will also be circulated to anti-virus vendors.

Following Trusteer's analysis, banks will receive a sample of the malware along with recommendations on how to detect and block future attacks. Trusteer Flashlight is immediately available as part of the Rapport offering, as an add-on module, or as a standalone service. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.