Feeds

Computer forensics tool for banks aims to trace Trojans

CSI UK High Street

Internet Security Threat Report 2014

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client's PC has been infected with malware following incidents of suspected fraud.

The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a possibly compromised computer. The service can also be used to collect samples, identify cybercrime command servers and block further attacks.

Mickey Boodaei, Trusteer's chief exec, came to London to launch the service and present a session on financial malware at the e-crime congress on Tuesday. Early trials with the technology have revealed that 90-95 per cent of cybercrime attacks blamed on banking Trojans in the UK can be traced back to one of three malware families: Zeus, Silon (a UK-specific strain of Trojan) and Yaludle.

One in 100 PCs in the general population are infected with a strain of Zeus compared to one in 350 with Silon. Despite its deep penetration and role in fraud only one in 42 anti-virus scanner packages detects Silon, Boodaei told El Reg. "Silon spreads using a mixture of drive-by-downloads attacks, often taking advantage of unpatched vulnerabilities, and spam."

In the UK, at least, the infamous Zeus Trojan largely targets the online banking accounts of consumers. Over in the US, by contrast, Zeus is largely used to compromise corporate account. A second Trojan, Torpig, is commonly used in US banking scams but relatively rare in the UK.

Trusteer, whose main line of browser lock-down technology Rapport is offered as a voluntary download by 50 banks worldwide including NatWest and HSBC in the UK, developed Flashlight in a bid to help its financial service customers to stem a growing problem.

Online banking fraud involving the electronic transfer of funds rose to more than $120 million in the third quarter of 2009, according to estimates by the US Federal Deposit Insurance Corporation. In the UK online banking fraud losses hit £59.7m ($90.7m) in 2009, according to the latest official stats from Financial Fraud Action UK (formerly the anti-fraud unit of banking payments association APACS).

Shine a light

Fraud victims will be invited to install Trusteer's Rapport desktop forensic and protection software, which will attempt to identify the malware strain involved in a suspected fraudulent loss. "The technology looks at interactions that try to manipulate the browser and associates these with malware," Boodaei explained.

In the case of a previously encountered threat, the technology detects suspicious behavior and obtains a sample of suspect code. These samples are then analysed (examined and reverse engineered) by Trusteer's fraud and malware experts to identify the mechanism used to commit fraud. Samples will also be circulated to anti-virus vendors.

Following Trusteer's analysis, banks will receive a sample of the malware along with recommendations on how to detect and block future attacks. Trusteer Flashlight is immediately available as part of the Rapport offering, as an add-on module, or as a standalone service. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.