Tech Support Forum banner

Trojan writers target UK banks with botnets

685 Views 2 Replies 2 Participants Last post by  Techeroo
Cyber-criminals are building country-specific botnets to target UK bank consumers with dedicated malware, security company Trusteer has reported.

The company identifies two pieces of malware – the previously undetected Silon.var2 and the longer-established Agent.DBJP – as the two bank Trojans being distributed by Zeus-based botnets using UK-infected PCs.

Silon.var2 now affects 1 in every 500 UK-based PCs connected to the Trusteer Flashlight system, 40 times the detection level for the US, with Agent.DBJP affecting 1 in every 5,000 UK-based PCs, again far higher than for the US.

It's not clear whether these detection rates are partly a quirk of the Trusteer customer base, but it is clear that country-specific malware is now a defined strategy for the banking trojan botnets, with the UK high on the hit-list.

Although country-specific malware can apply to any country, the motivation for attacking banks and their customers in this way is to make detection harder. Global Trojan campaigns are simply easier to spot.

“Regional malware is not unique to the UK,” said Trusteer CEO, Mickey Boodaei. “We’ve recently started analysing financial malware in South Africa and identified targeted regional attacks as well, which are rarely seen outside that region. Other regions such as Germany for example also suffer from regional malware. The infamous Yaludle malware has been highly focused on the German market,” he said.

Trusteer's commercial motivation is to push its 'Rapport' browser plug-in to UK banks through which an encrypted link is set up between the banking sites and the customer. The technology is already being used in the UK by HSBC, and was itself recently and unsuccessfully targeted by malware writers trying to overcome its protection settings.

Bank Trojan writers have also launched attacks against the Firefox banking website user base, confounding the out-of-date belief that IE is the only targeted browser.
See less See more
Not open for further replies.
1 - 3 of 3 Posts
During the past 48 hours we were hit by foreign attackers taking over our homepage (not other pages [yet]). Our tech people fixed the problems twice and now (some 24 hours later) they're at it again. ( We are www DOT ltgof DOT com ). We have a VBulletin product (that is the one they attacked). They apparently re-direct the home page to their webpage.
Thanks tetonbob.

We are now getting hit with a file that does not show a re-directed url in the address bar (this is the one they used when they first hit us). The one they used yesterday showed a different url in the address bar.

They appear to be focusing on the main home page (as other pages are available i.e. /forum.php ). Anybody know anything about these people?
1 - 3 of 3 Posts
Not open for further replies.