The new year does not bode well for the banking world in terms of cyber threats. The need for new services, primarily the ability to make transactions in mobile scenarios, is exposing banks and their platforms to serious threats. In these early days of 2012 in particular, two reports have raised some concern:
Let's go into the detail of the two threats.
Criminal organizations have launched massive cyber attacks against banks as a diversion, to distract their customers from noticing the cyber theft being perpetrated. New malware has been implicated in Distributed Denial-of-Service attacks intended to shut down bank websites, diverting attention away from fraudulent transactions. The warning came from the FBI, which announced the spread of a new variant of the dreaded Zeus virus, called “GameOver”. Zeus malware is used to steal online banking users' credentials.
The propagation vector is e-mail spam; a huge quantity of infected messages has been spread. The interesting feature of the GameOver malware, like similar agents, is its ability to remain silent on the infected host, waiting for the right time to steal the user’s credentials during online banking access.
This very ability to operate silently gives me the opportunity to introduce the second piece of news. The protagonist is another old threat to the banking sector, the SpyEye malware. Like the “GameOver” malware, SpyEye has been seen with a feature designed to keep victims in the dark long after fraud has taken place.
What is the main capability that has made SpyEye remarkable? The agent is known for its ability to inject additional fields into any web form, using a technique called HTML injection. The added fields are used to capture the client's credentials and other sensitive information such as credit card numbers.
The interesting feature is that the same technique can be used to trick the user by showing fabricated information to conceal the fraud in progress.
Researchers at Trusteer have discovered that HTML injection is used to display incorrect values for the total balance of bank accounts, in order to conceal the misappropriation of money. Diabolical, isn’t it?
But there’s more! The malware keeps a history of the banking operations conducted by the user, presenting the unaware customer with a view of their bank account from which the fraudulent transactions are absent.
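The form-field injection described above can be checked for by comparing the fields a bank served with the fields present in the page the customer actually sees. The following is an added example, not code from the original article or from Trusteer; the function names and the sample HTML are assumptions constructed for illustration.

```javascript
// Read one attribute value (double-quoted, single-quoted or unquoted).
function attr(attrs, key) {
  const re = new RegExp(`(?:^|\\s)${key}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, "i");
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Map each form (by id or name) to the set of field names it contains.
function extractFormFields(html) {
  const forms = new Map();
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let f;
  while ((f = formRe.exec(html)) !== null) {
    const id = attr(f[1], "id") || attr(f[1], "name") || `form#${forms.size}`;
    const names = new Set();
    for (const m of f[2].matchAll(/<(?:input|select|textarea)\b([^>]*)>/gi)) {
      const name = attr(m[1], "name");
      if (name) names.add(name.toLowerCase());
    }
    forms.set(id, names);
  }
  return forms;
}

// Fields present in the rendered page but absent from the served page.
function findInjectedFields(servedHtml, renderedHtml) {
  const served = extractFormFields(servedHtml);
  const findings = [];
  for (const [id, names] of extractFormFields(renderedHtml)) {
    const expected = served.get(id) || new Set();
    for (const n of names) {
      if (!expected.has(n)) findings.push(`${id}:${n}`);
    }
  }
  return findings;
}

// Constructed sample: the login form as served, and as seen in the browser.
const SERVED = `<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>`;
const RENDERED = `<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_number">
  <input type='text' name='atm_pin'>
</form>`;
console.log(findInjectedFields(SERVED, RENDERED));
```

The regular-expression parsing keeps the example self-contained; in a browser the same comparison would run over the live DOM. Malware on the host can also tamper with such a check, so its result is one signal among others.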
What to expect from the future? More advanced malware that will implement the main features of its predecessors. We will probably encounter, as happened with the “Tilded platform” in the cases of Stuxnet and Duqu, a real development kit with which these agents will be configured and prepared to attack specific targets.
When using online banking services, in particular via mobile devices, there are a number of simple rules of behavior that should be shared, such as:
Pierluigi Paganini