Financial malware gets smarter

An analysis into the use of financial malware has shown that despite a fall in the number of new programs detected criminals are still managing to beat security measures designed to stop fraud.

The study found that discoveries of malware aimed at banks and other financial groups is trending downwards this isn’t reflected in a reduced threat. Rather the threats are increasing as malware writers are getting smarter.

“Financial institutions around the world are seeing increasing losses from cybercrime,” wrote Roel Schouwenberg, senior antivirus researcher at Kaspersky Labs.

“Investing in better security costs a lot of money. However, this is a choice that banks clearly have to make.”

C notes that attack vectors have changed significantly in the last year, with far less reliance on easily blocked spam containing malware to attack code being embedded in web pages.

This is in line with other software attacks but what differentiated the malware for finance houses is its sophistication. Traditional keylogging software is now being replaced by Trojans, that can download ever more complex spying tools.

For example, two factor authentication for online banking (the use of a hardware token in addition to a secret password) is increasingly ineffective, as malware writers have perfected the tools to get around it by redirecting the user to a separate server to harvest the necessary access information in real time – the so called ‘man in the middle’ attack.

This defeats the two factor process but malware writers have taken the process a step further with a new ‘man in the endpoint’ attack. This eliminates the need for a separate server by condiucting the entire attack on the user’s machine.

“There are several significant advantages to this approach,” Schouwenberg explains.

“Firstly, there's a direct connection with the financial organisation so there's no chance of a transaction being tagged simply because a user has l ogged on from an unknown IP address. Secondly, a MitE will have a better success rate than a MitM attack if used against a system which employs complex defences.”

The situation is being aided by the increasing use of ‘money mules’, people who are recruited to act as recipients of stolen funds and pass them on in the form of eGold or moneygram certificates to the fraudster in exchange for a 10-15 per cent discount.