Menu
Banking malware proves tough to repel

Banking malware proves tough to repel

Dridex, Bebloh, TinyBanker and Dyre abound, according to SecurityScorecard

SecurityScorecard found thousands of organizations infected with sophisticated banking malware, including one called Dridex.

SecurityScorecard found thousands of organizations infected with sophisticated banking malware, including one called Dridex.

Companies are finding it tough to keep out new types of banking malware, which continue to get better following the bar-raising threat known as Zeus.

The malicious programs all aim to swiftly and secretly steal credentials for online bank accounts, with some specializing in making large, unauthorized wire transfers from businesses using the ACH (Automated Clearing House) system.

A study by the firm SecurityScorecard, which specializes in tracking a company's risk of intrusion, found more than 4,700 organizations that were infected by some type of advanced banking malware.

SecurityScorecard collected the data in part by using sinkholes, or computers that researchers control which are part of a network of infected machines, known as a botnet. An analysis of those sinkholes can lend insight into how many machines may be infected with a particular type of malware.

The company also looks at spam campaigns, vulnerabilities in web applications, malware campaigns conducted using social media and monitors underground hacking forums, said Alex Heid, chief research officer.

"For hackers, you always want to look for the weakest link and pivot in," he said.

The study, conducted over the first five months of this year, found 11,952 infections affecting 4,703 organizations. Some of those organizations are customers of SecurityScorecard, while others are partners of those customers.

When SecurityScorecard evaluates a customer's network, the customer also shares information about their partners, who may also have access to their systems.

It's those relationships that are increasingly being targeted by hackers. Target and Home Depot both attributed large payment card breaches to the infiltration of third-party contractors whose credentials gave access to their systems.

The top banking malware families that have been circulating are Dridex, Bebloh and TinyBanker, Heid said.

Dridex spreads through spam that contains attachments to malicious XML files or Microsoft Office documents with macros, he said. Bebloh is hard to detect since it makes few changes to the computers it infects. TinyBanker -- named for its small 20K size -- is hard to find as well since its creators often change its digital footprint, which allows it to evade security products, he said.

Those distributing malware try to make sure their programs are FUD, or fully undetectable. They do that by using tools to encrypt the software called crypters or packers, which compress the file in a way that makes it hard to detect, Heid said.

SecurityScorecard also found instances of Dyre, another banking malware program that descended from the infamous Zeus software.

The U.S. Department of Justice, working with security researchers, managed to shut down the Gameover Zeus botnet in mid-2014. The botnet and associated malware stole as much as US$100 million.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareSecurityScorecard

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments