Study of banking malware analyzes underground economy

By Marcia Savage, Features Editor Information Security magazine | Dec 29, 2008

A recent study of keyloggers and banking Trojans provides a view into the underground economy of stolen bank account credentials, passwords and credit card numbers.

The study, published earlier this month by Thorsten Holz, Markus Engelberth and Felix Freiling at the University of Mannheim in Germany, analyzed malware designed to steal sensitive information from infected machines. The researchers developed techniques for studying the "dropzones" -- servers that are used by attackers to store stolen information.

Over a seven-month period, they were able to access more than 70 unique dropzones and found about 33GB of stolen data from more than 170,000 compromised machines. Among the stolen data, the researchers found more than 10,700 stolen online bank account credentials, about 149,000 stolen email passwords, and 5,600 full credit card details.

Using a Symantec Corp. study, the researchers estimated the potential value of the stolen credentials at several million dollars. Symantec released a report in November on the value of stolen data.

"The results of analyzing the potential income of an attacker indicate that an attacker can earn several hundred dollars per day based on impersonation attacks with keyloggers -- a seemingly lucrative business," Holz, one of the founders of the German Honeynet Project, wrote in the Honeyblog.

The analysis also showed that nearly one-third of the infected machines are located in either Russia or the U.S.

Researchers looked in detail at two pieces of malware -- ZeuS/Wsnpoem and Limbo/Nethell -- that fall into a class of attacks they call impersonation attacks, where criminals want to steal a credential in order to impersonate a victim at a banking or other website. The attack channel for the ZeuS/Wsnpoem family of malware is spam that contains a keylogger as an attachment, while Limbo/Nethell malware often lures victims to malicious websites, according to the study.

Due to the sensitive nature of the data collected in the study, the research team gave it to AusCERT, the national Computer Emergency Response Team for Australia, Holz noted in his blog posting.

He also said the best ways to protect against the threats described in the study are patching, not clicking on all links and attachments, and using two-factor authentication when conducting bank transactions.
