Date:25/08/11
Hackers have infused an 18-month-old worm with Zeus financial malware to attack two-factor authentication and transaction signing systems used in online banking sessions.
Configurations of the Win32.Ramnit worm, captured and reverse engineered by Trusteer, were found to incorporate tactics from the Zeus financial malware platform.
Zeus source code was published on the internet earlier this year. Trusteer researchers found the method used to configure Ramnit to target a specific bank is identical to the one used by Zeus. This allows fraudsters to easily port Zeus configurations to Ramnit.
According to the Symantec Intelligence Report for July, Ramnit accounts for 17.3 per cent of all new malicious software infections. Trusteer estimates tens of thousands of machines used for online banking are currently infected with Ramnit.
Ramnit, an old-school file-infection virus, was first detected in 2010 and targets EXE, SCR, DLL, HTML and other file formats. Its command and control servers in Germany are currently live.
"Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program, old or new," said Amit Klein, chief technical officer of Trusteer. "The malware distribution channel for fraudsters has increased in scale significantly."
Fraudsters fuse Zeus and Ramnit to fleece financial institutions
Hackers have infused an 18-month-old worm with Zeus financial malware to attack two-factor authentication and transaction signing systems used in online banking sessions. Configurations of the Win32.Ramnit worm, captured and reverse engineered by Trusteer, were found to incorporate tactics from the Zeus financial malware platform.
Zeus source code was published on the internet earlier this year. Trusteer researchers found the method used to configure Ramnit to target a specific bank is identical to the one used by Zeus. This allows fraudsters to easily port Zeus configurations to Ramnit.
According to the Symantec Intelligence Report for July, Ramnit accounts for 17.3 per cent of all new malicious software infections. Trusteer estimates tens of thousands of machines used for online banking are currently infected with Ramnit.
Ramnit, an old-school file-infection virus, was first detected in 2010 and targets EXE, SCR, DLL, HTML and other file formats. Its command and control servers in Germany are currently live.
"Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program, old or new," said Amit Klein, chief technical officer of Trusteer. "The malware distribution channel for fraudsters has increased in scale significantly."
Views: 796
©ictnews.az. All rights reserved.
Similar news
- Mobile operators of national market to reduce roaming tariffs
- Iran vows to unplug Internet
- China Targeting Telecoms in Corruption Probe
- Bangladesh to use electronic voting system for next elections
- Philippine IT sector to launch five-year digital strategy plan
- Russian Premier Vladimir Putin meets ITU Secretary-General Hamadoun Touré
- US lawmakers propose to regulate use of geolocation data
- Unlimited mobile data plans dying as telcos gear up for cloud future
- Europe at risk of falling behind US and Asia on 4G use
- Netherlands first to regulate on net neutrality
- Korean Co Takes Aim At Display Patents
- Regulators, Banks Look for IT Hires After Breakdowns
- Electron transactions spreading
- Schools in remote rural areas will connect to the single database via network without SIM
- Obama to Personally Tweet From Twitter Account
