
The Top 10 Most Dangerous Malware That Can Empty Your Bank Account
[Updated]
At the beginning of June 2014, a large international effort named Operation Tovar, involving US and European law enforcement agencies and security firms worldwide, blocked the spread of the Zeus Gameover botnet and took control of servers that were important for CryptoLocker, the well-known ransomware which encrypts system files and demands a ransom in exchange for the decryption key.
Gameover Zeus and CryptoLocker are some of the most well-known pieces of malware that target financial data, but there are many other variants and types of credential-stealing Trojans out there that you need to pay attention to.
We have put together a list of the most dangerous financial malware out there. To be clear about our approach and intentions, what you'll find below is a short presentation of some of the most advanced credential-stealing Trojans on the web.
Nevertheless, you can rest assured that Heimdal PRO is one of the few security solutions that can protect you from these advanced pieces of malware.
Top 10 Most Dangerous Financial Malware
1. Zbot/Zeus
Zeus, also known as Zbot, is a notorious Trojan which infects Windows users and tries to retrieve confidential information from the infected computers. Once installed, it also tries to download configuration files and updates from the Internet. The Zeus files are created and customized using a Trojan-building toolkit, which is available to cybercriminals online.
Zeus was created to steal private data from infected systems, such as system information, passwords, banking credentials and other financial details, and it can be customized to gather banking details in specific countries and using various methods. Using the stolen information, cybercriminals log into banking accounts and make unauthorized money transfers through a complex network of computers.
Zbot/Zeus is based on the client-server model and requires a Command and Control server to send and receive information across the network. The single Command and Control server is considered the weak point in the malware architecture, and it is the target of law enforcement agencies when dealing with Zeus.
To counter this weak point, the latest variants of Zeus/Zbot include a DGA (domain generation algorithm), which makes the Command and Control servers resistant to takedown attempts. The DGA generates a list of domain names to which the bots try to connect if the Command and Control server cannot be reached.
Zeus/Zbot, known by many names including PRG and Infostealer, has already infected as many as 3.6 million systems in the United States. In 2009, security analysts found that Zeus had compromised more than 70,000 accounts at banks and businesses, including NASA and Bank of America.
2. Zeus Gameover (P2P) (Zeus family)
Zeus Gameover is a variant of the Zeus family, the infamous family of financial-stealing malware, which relies on a peer-to-peer botnet infrastructure.
This network configuration removes the need for a centralized Command and Control server and also includes a DGA (Domain Generation Algorithm) which produces new domains in case the peers cannot be reached. The peers in the botnet can act as independent Command and Control servers, are able to pass commands or configuration files between them, and finally send the stolen data to the malicious servers.
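Both the Zbot DGA fallback described above and the Gameover variant's DGA produce the same observable on a defender's side: an infected host suddenly looks up a burst of algorithmically generated domain names. The following added example (not code from the original article, nor from Heimdal or any Zeus analysis) shows a simple heuristic over a constructed DNS query log that scores each second-level label by character entropy and vowel ratio and reports clients with several such lookups; the log format, thresholds and client addresses are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (hypothetical "timestamp client qname" format).
# Client 10.0.0.7 shows the burst of lookups a DGA fallback produces.
SAMPLE_DNS_LOG = """\
2014-06-02T10:00:01 10.0.0.5 www.example.com
2014-06-02T10:00:02 10.0.0.5 mail.google.com
2014-06-02T10:00:03 10.0.0.7 kq3xz9vbwn7trh4pl.com
2014-06-02T10:00:04 10.0.0.7 zx8qwplvmn3tyhgd.net
2014-06-02T10:00:05 10.0.0.7 hvtrqpxzlwkmn.biz
2014-06-02T10:00:06 10.0.0.9 cdn.cloudfront.net
"""

VOWELS = set("aeiou")

def shannon_entropy(text):
    """Bits per character; random-looking labels score higher than real words."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def registrable_label(qname):
    """Second-level label, e.g. 'example' for www.example.com (no public-suffix handling)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def is_dga_like(label, min_len=10, max_vowel_ratio=0.2, min_entropy=3.0):
    """Heuristic: a long, high-entropy label with almost no vowels (assumed thresholds)."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return vowel_ratio < max_vowel_ratio and shannon_entropy(label) >= min_entropy

def find_dga_bursts(log_text, min_hits=3):
    """Map each client to its DGA-like qnames, keeping only clients with >= min_hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than crash on them
        _timestamp, client, qname = fields
        if is_dga_like(registrable_label(qname)):
            hits[client].append(qname)
    return {client: names for client, names in hits.items() if len(names) >= min_hits}

if __name__ == "__main__":
    for client, names in find_dga_bursts(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} DGA-like lookups -> {names}")
```

Real deployments would add public-suffix handling and weight NXDOMAIN responses, since a DGA fallback mostly resolves names nobody has registered.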
Zeus Gameover is used by cybercriminals to collect financial information, targeting user data ranging from credentials, credit card numbers and passwords to any other private information which might prove useful in retrieving a victim's banking information. GameOver Zeus is estimated to have infected 1 million users around the world.