
By Scott Thompson

Trusteer says that the 18-month-old file-infecting worm Win32.Ramnit has morphed into financial malware and is actively attacking banks to commit online fraud.

Ramnit configurations captured and reverse engineered by the company were found to incorporate tactics from the Zeus financial malware platform. Ramnit has borrowed from Zeus the ability to inject HTML code into a web browser, which it is using to bypass two-factor authentication and transaction signing systems used by financial institutions to protect online banking sessions.

The financial malware version of Ramnit was discovered by Trusteer’s fraud analysts using the Pinpoint zero-day anomaly detection system and Flashlight remote incident investigation system. Ramnit’s command and control servers are located in Germany and are currently live. According to the Symantec Intelligence Report for July, Ramnit accounts for 17.3 percent of all new malicious software infections. This number is consistent with Trusteer's findings that tens of thousands of machines used for online banking are currently infected with Ramnit.

Ramnit was first detected in 2010 and targets .EXE, .SCR, .DLL, .HTML and other file types. File infection is an old-school virus technique that is rarely seen in modern financial malware. The evolution of Ramnit into a fraud tool was made possible when the source code of the notorious Zeus financial malware platform was made freely available on the Internet earlier this year. Since then, fraudsters and malware authors have borrowed parts of the Zeus toolkit and incorporated them into other malware. Trusteer researchers found that the method used to configure Ramnit to target a specific bank is identical to the one used by Zeus. This allows fraudsters who have written configurations for Zeus to easily port them to Ramnit.

“The metamorphosis of Ramnit into financial malware is a sign of things to come now that the Zeus source code has been made openly available to anyone on the internet,” says Amit Klein, CTO of Trusteer. “Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program - old or new. The malware distribution channel for fraudsters has increased in scale significantly.”

This website is a part of Perspective Publishing Limited, registered in England No 2876166.