These can filch your passwords, deplete your bank accounts and even infiltrate highly secure bank web sites.
Financial malware have grown leaps and bounds not only in their behavior pattern but also in the way they are distributed (Citadel). However, their overall ingenuity lies in the way they are presented to lure users.
It can be anything from Malicious PDF to links shared on Social Networking sites to phishing schemes. Here are our top six financial malware online users need to aware of.
The author is MD and CEO of eScan.
1. ZeuS
Zeus is a Trojan horse that steals banking information by Man-in-the-Browser, keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009.
In June 2009, Zeus had compromised over 74,000 FTP (file transfer protocol) accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.
In May 2011, the then-current version of Zeus's source code was leaked and in October the 'abuse.ch' blog reported about a new custom build of the Trojan that relies on more sophisticated peer-to-peer capabilities.
2. SpyEye
An overly enhanced version of ZeuS. This piece of malware not only comes with the capability of performing Man-in-the-Browser attacks but can also reroute one-time passwords sent to victim's cellphones. It can harvest credentials for online accounts and also initiate transactions as and when a person is logged into his/her account; literally making it possible to watch their bank balance drop by the second.
SpyEye is actually a botnet with a network of command-and-control servers hosted around the world.
At the time of writing this article, some 181 command-and-control servers were online, according to the SpyEye Tracker, a website dedicated to gathering statistics about the malicious software.
3. Shylock
The goal of the fraudster is to collect additional personal information from the victim and the suspicion is that the cyber-crook will use words of persuasion to get the victim to verify fraudulent transactions as Shylock silently initiates them in the background.
When the victim logs in to the online banking application, the session stalls for few minutes and the user is told that security checks are being performed. Though a series of fake HTML page injections and complex JavaScript code, the victim is presented with a LIVE chat window that is being operated by the cyber-criminal.
4. Ramnit
Initially created with the intention to steal Facebook login credentials, Ramnit was further modified and paired with the ZeuS source code enabling the worm to gain remote access to financial targets.
The stolen credentials are used to help spread the malware which is done by logging into the victims account and sending malicious links to all friends listed. This change also shows a change in the creation of malware where cyber-criminals are beginning to experiment with old-school malware to create more sophisticated ones.
5. Ice IX
Another basic modified version of ZeuS, Ice IX also comes with the ability to manipulate content displayed within browsers used by victims. It achieves this by injecting rogue web forms into online banking websites.
However, newer variants of Ice IX online banking Trojan programme are tricking victims into exposing their telephone account numbers so that fraudsters can divert post-transaction verification phone calls made by banks to phone numbers under their control.
6. Citadel
Again, based on the ever-famous ZeuS source code, Citadel comes in as another banking malware but with an interesting feature. The most striking feature lies in its development.
The malware comes with a User Manual, Release Notes and License Agreement and like its elder sibling Citadel is sold as a crime-ware toolkit in the underground market.
In addition, the toolkit allows cyber-criminals to customise the Trojan according to their needs and command and control infrastructure. Going even a step further, malware authors have developed an online platform where customers can request features, report bugs and even contribute modules. Moreover, this new development also comes in as indication of a trend in malware evolution.