Jump to content

Ransom malware merged with bank Trojan in new attack

Starbuck
 Share

Recommended Posts

  • ExTS Admin
Starbuck Newbie

Starbuck

Posted
  • ExTS Admin
Posted

Adding injury to insult, fraudsters have merged the phenomenon of ransom Trojans with banking malware, producing a hybrid that demands money before attempting to steal user logins.

 

Noticed by several security firms since the turn of the year, the web drive-by Reveton Trojan tries to coax victims into handing over payments of up to $100 with the warning that they have been found accessing violent and child porn content by the US Department of Justice.

 

After locking up the PC to gain the user's attention (the sophistication of this is unclear), the malware demands payment using cash transfer services that vary according to the geography of the victim's IP address.

 

So far the Trojan behaves like one of a growing number of ransom Trojans that have spread across the Internet in the last year, almost certainly the work of the same small family of Russian gangs, according to a recent Trend Micro analysis.

 

Although not a new Trojan, Reveton's latest sting in the tail is that it now deploys the Citadel banking Trojan as a follow-up attack. A development of the notorious Zeus Trojan that ran amok across online bank websites in 2010, Citadel normally steals logins using man-in-the-browser and key-logging, but can also pilfer corporate logins if configured to do so.

 

"It is clear from this and similar attacks we have discovered recently that financial malware has achieved a technological level of sophistication which enables it to be used to carry out virtually any type of cyber-attack," said Amit Klein of browser security firm Trusteer.

 

Just as security defences are becoming more layered, so attackers are adopting the same design principle, combining different attacks into hybrids that can be varied by geography or the type of victim.

 

"Through a combination of social engineering, data capturing and communication tampering these attacks are being used by criminals to target applications, systems and networks belonging to financial institutions, enterprises, and government agencies," said Klein.

 

The primary ransom attack has been Detected by Microsoft as Trojan:Win32/Reveton.A since February. The malware's fusion with the Citadel Trojan, noticed by Trusteer, appears more recent.

 

 

 

Source:

http://www.networkworld.com/news/2012/050212-ransom-malware-merged-with-bank-258891.html?source=nww_rss

Member of:

UNITE

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...