Community
Thirty years from now if I’ll ever look back and read my old blogs, I’m sure I’ll agree with what my current self is about to state: There was never a better time to be a cybercriminal than in good old 2009.
So many things worked in favor of online fraudsters that I doubt if there’ll ever be a year as good as 2009, assuming you’re crooks trying to empty unsuspecting victims’ accounts.
2009 featured three main trends that lined up in a rare celestial alignment. Knowing that it’s after New Year and we all have tons of emails to read, I’ll divide this blog to 3 entries and talk about the trend and the solutions the industry developed against it.
Point-and-Shoot High-Grade Trojan Horses
Lets take a step back for a minute and talk about Trojans. We all know what Trojans are, but how many consumers know what a financial Trojan horse can do? Most people still think of viruses as something that will destroy their hard drive; Trojan Horses have a different objective. They want your PC to work perfectly… Until you access your online banking account.
Trojans have cool names. Torpig, now known as Sinowal, terrorized the European financial industry as soon as 2006. Limbo, one of the first massively used HTML injection kits, dominated the fraud underground in 2007. And in 2008 a new incumbent appeared in the dark cybercrime sky: Zeus. User-friendly, stealthy and highly customizable, Zeus quickly became the weapon of choice of many fraudsters.
In 2009, Zeus 2.0 emerged as the clear winner of the Trojan War. Now armed with full Man in the Browser capabilities and real time alerts, Zeus 2.0 allows a fraudster with little technical know-how to empty a victim’s account in seconds, transferring funds to a mule account while circumventing virtually every form of strong authentication through a combination of social engineering and session hijacking. Thousands of individuals and small criminal groups use Zeus 2.0; each infect on average thousands of PCs, resulting in millions of compromised machines spied upon by the cybercriminals.
Zeus 2.0 records almost everything you do on your PC: credentials to just about any site of interest to the fraudsters; HTPPs traffic; even HTTP forms. It grabs data stored in your browser’s protected storage area. It even copies your clipboard: who knows, maybe this will become useful. The result: terabytes of data stolen by each Z-bot.
ZeusTa (see image below), a complete ‘Fraud as a Service’ offering, took it one step further: for $120 per month you get Zeus 2.0 hosted in a bulletproof server and connected to a high grade infection kit, so you can just get thousands of infected PCs send gigabytes of stolen records to your ZeusTa inbox. All of a sudden, every petty cyber thug that was once involved in small credit card scams, could access WMD-grade crimeware without even knowing how to spell ‘Trojan’. It’s like my 3 megapixel point-and-shoot camera installed in my Nokia cell phone: you don’t need to be an Alfred Eisenstaedt or an Annie Leibovitz to get satisfactory results.
Other Trojans also bob in and out of the murky swamp of cybercrime. Most of them are syndicate crime groups operating a Trojan, rather than a kit for sale in the underground. After the massively popular Zeus and the notorious Sinowal there’s a long tail of other Trojans. Here are a few examples: Clampi hits mainly corporate accounts; URL Zone infests European PCs; Silentbanker kicked back to action recently.
Industry Response
The UK Payments Administration reported 39 million pounds in H1 2009 online banking losses, a fracture of the 233 million pounds lost in card fraud over the same period. While the figure is higher than last year, there’s no exponential growth. It shows the financial sector did not sit idle, watching Trojans evolve into a lethal threat without developing counter-measures, such as:
To summarize, 2009 was a great year for fraudsters in terms of the tools and services at their disposal. Like point-and-shoot cameras, Trojans today provide superior results without requiring a great technical skill.
Remember this is the first of 3 major trends… So from a fraudster’s perspective, things get even better in my next post.
.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Valeriya Kushchuk Digital Marketing Manager at Narvi Payments
28 November
Alex Kreger Founder & CEO at UXDA
27 November
Kyrylo Reitor Chief Marketing Officer at International Fintech Business
Amr Adawi Co-Founder and Co-CEO at MetaWealth
25 November
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.