Feeds

Computer forensics tool for banks aims to trace Trojans

CSI UK High Street

Reducing security risks from open source software

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client's PC has been infected with malware following incidents of suspected fraud.

The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a possibly compromised computer. The service can also be used to collect samples, identify cybercrime command servers and block further attacks.

Mickey Boodaei, Trusteer's chief exec, came to London to launch the service and present a session on financial malware at the e-crime congress on Tuesday. Early trials with the technology have revealed that 90-95 per cent of cybercrime attacks blamed on banking Trojans in the UK can be traced back to one of three malware families: Zeus, Silon (a UK-specific strain of Trojan) and Yaludle.

One in 100 PCs in the general population are infected with a strain of Zeus compared to one in 350 with Silon. Despite its deep penetration and role in fraud only one in 42 anti-virus scanner packages detects Silon, Boodaei told El Reg. "Silon spreads using a mixture of drive-by-downloads attacks, often taking advantage of unpatched vulnerabilities, and spam."

In the UK, at least, the infamous Zeus Trojan largely targets the online banking accounts of consumers. Over in the US, by contrast, Zeus is largely used to compromise corporate account. A second Trojan, Torpig, is commonly used in US banking scams but relatively rare in the UK.

Trusteer, whose main line of browser lock-down technology Rapport is offered as a voluntary download by 50 banks worldwide including NatWest and HSBC in the UK, developed Flashlight in a bid to help its financial service customers to stem a growing problem.

Online banking fraud involving the electronic transfer of funds rose to more than $120 million in the third quarter of 2009, according to estimates by the US Federal Deposit Insurance Corporation. In the UK online banking fraud losses hit £59.7m ($90.7m) in 2009, according to the latest official stats from Financial Fraud Action UK (formerly the anti-fraud unit of banking payments association APACS).

Shine a light

Fraud victims will be invited to install Trusteer's Rapport desktop forensic and protection software, which will attempt to identify the malware strain involved in a suspected fraudulent loss. "The technology looks at interactions that try to manipulate the browser and associates these with malware," Boodaei explained.

In the case of a previously encountered threat, the technology detects suspicious behavior and obtains a sample of suspect code. These samples are then analysed (examined and reverse engineered) by Trusteer's fraud and malware experts to identify the mechanism used to commit fraud. Samples will also be circulated to anti-virus vendors.

Following Trusteer's analysis, banks will receive a sample of the malware along with recommendations on how to detect and block future attacks. Trusteer Flashlight is immediately available as part of the Rapport offering, as an add-on module, or as a standalone service. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.