Feeds

Computer forensics tool for banks aims to trace Trojans

CSI UK High Street

SANS - Survey on application security programs

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client's PC has been infected with malware following incidents of suspected fraud.

The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a possibly compromised computer. The service can also be used to collect samples, identify cybercrime command servers and block further attacks.

Mickey Boodaei, Trusteer's chief exec, came to London to launch the service and present a session on financial malware at the e-crime congress on Tuesday. Early trials with the technology have revealed that 90-95 per cent of cybercrime attacks blamed on banking Trojans in the UK can be traced back to one of three malware families: Zeus, Silon (a UK-specific strain of Trojan) and Yaludle.

One in 100 PCs in the general population are infected with a strain of Zeus compared to one in 350 with Silon. Despite its deep penetration and role in fraud only one in 42 anti-virus scanner packages detects Silon, Boodaei told El Reg. "Silon spreads using a mixture of drive-by-downloads attacks, often taking advantage of unpatched vulnerabilities, and spam."

In the UK, at least, the infamous Zeus Trojan largely targets the online banking accounts of consumers. Over in the US, by contrast, Zeus is largely used to compromise corporate account. A second Trojan, Torpig, is commonly used in US banking scams but relatively rare in the UK.

Trusteer, whose main line of browser lock-down technology Rapport is offered as a voluntary download by 50 banks worldwide including NatWest and HSBC in the UK, developed Flashlight in a bid to help its financial service customers to stem a growing problem.

Online banking fraud involving the electronic transfer of funds rose to more than $120 million in the third quarter of 2009, according to estimates by the US Federal Deposit Insurance Corporation. In the UK online banking fraud losses hit £59.7m ($90.7m) in 2009, according to the latest official stats from Financial Fraud Action UK (formerly the anti-fraud unit of banking payments association APACS).

Shine a light

Fraud victims will be invited to install Trusteer's Rapport desktop forensic and protection software, which will attempt to identify the malware strain involved in a suspected fraudulent loss. "The technology looks at interactions that try to manipulate the browser and associates these with malware," Boodaei explained.

In the case of a previously encountered threat, the technology detects suspicious behavior and obtains a sample of suspect code. These samples are then analysed (examined and reverse engineered) by Trusteer's fraud and malware experts to identify the mechanism used to commit fraud. Samples will also be circulated to anti-virus vendors.

Following Trusteer's analysis, banks will receive a sample of the malware along with recommendations on how to detect and block future attacks. Trusteer Flashlight is immediately available as part of the Rapport offering, as an add-on module, or as a standalone service. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.