Feeds

Computer forensics tool for banks aims to trace Trojans

CSI UK High Street

New hybrid storage solutions

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client's PC has been infected with malware following incidents of suspected fraud.

The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a possibly compromised computer. The service can also be used to collect samples, identify cybercrime command servers and block further attacks.

Mickey Boodaei, Trusteer's chief exec, came to London to launch the service and present a session on financial malware at the e-crime congress on Tuesday. Early trials with the technology have revealed that 90-95 per cent of cybercrime attacks blamed on banking Trojans in the UK can be traced back to one of three malware families: Zeus, Silon (a UK-specific strain of Trojan) and Yaludle.

One in 100 PCs in the general population are infected with a strain of Zeus compared to one in 350 with Silon. Despite its deep penetration and role in fraud only one in 42 anti-virus scanner packages detects Silon, Boodaei told El Reg. "Silon spreads using a mixture of drive-by-downloads attacks, often taking advantage of unpatched vulnerabilities, and spam."

In the UK, at least, the infamous Zeus Trojan largely targets the online banking accounts of consumers. Over in the US, by contrast, Zeus is largely used to compromise corporate account. A second Trojan, Torpig, is commonly used in US banking scams but relatively rare in the UK.

Trusteer, whose main line of browser lock-down technology Rapport is offered as a voluntary download by 50 banks worldwide including NatWest and HSBC in the UK, developed Flashlight in a bid to help its financial service customers to stem a growing problem.

Online banking fraud involving the electronic transfer of funds rose to more than $120 million in the third quarter of 2009, according to estimates by the US Federal Deposit Insurance Corporation. In the UK online banking fraud losses hit £59.7m ($90.7m) in 2009, according to the latest official stats from Financial Fraud Action UK (formerly the anti-fraud unit of banking payments association APACS).

Shine a light

Fraud victims will be invited to install Trusteer's Rapport desktop forensic and protection software, which will attempt to identify the malware strain involved in a suspected fraudulent loss. "The technology looks at interactions that try to manipulate the browser and associates these with malware," Boodaei explained.

In the case of a previously encountered threat, the technology detects suspicious behavior and obtains a sample of suspect code. These samples are then analysed (examined and reverse engineered) by Trusteer's fraud and malware experts to identify the mechanism used to commit fraud. Samples will also be circulated to anti-virus vendors.

Following Trusteer's analysis, banks will receive a sample of the malware along with recommendations on how to detect and block future attacks. Trusteer Flashlight is immediately available as part of the Rapport offering, as an add-on module, or as a standalone service. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.