Brazilian Banking Trojans Now More Sophisticated in Approach
According to Kaspersky security experts, the miscreants behind banker trojans originating from Brazil have not stopped learning new ploys and are continuously polishing their craft.
Symantec reported in February 2010 that, with tens of millions of users performing banking transactions online in Brazil, cyber crooks find online banking a lucrative target, especially through the use of banking trojans to evade security checks and two-factor authentication systems. These cyber goons are now working on making these trojans more intricate.
Kaspersky experts recently spotted an attack in which spam e-mail containing links to bogus images was distributed to people. Any attempt by a user to download or execute the images would ultimately result in the installation of banking trojans on their PCs.
Experts commented (keeping Brazil in mind) that a new technique comes into play when the Banker Trojan is downloaded and installed on the victim's PC by Trojan.Downloader. On one hand, Brazilian coders conceal the download links by means of various tactics; on the other, they also encrypt the Trojan that is to be downloaded onto the system.
The Brazilian coders employ various techniques to bypass automated analysis as well as the monitoring carried out by various anti-virus firms. According to Dmitry Bestuzhev, malware analyst at Kaspersky Lab, the malware can be detected by anti-malware products as a malicious file if it is present on the machine. However, if the Trojan is encrypted, the process is much more complicated, as reported by Threatpost on April 8, 2010.
The Trojan is decrypted after the download is complete. The decryption mechanism is built into the primary Trojan.Downloader, which downloads the malware and then decrypts it so that it can infect victims' systems. After decryption, the malware carries out its last infection step, placing the Banker Trojan itself onto the system. From this system, the victim's sensitive data can be obtained easily. Notably, this novel technique has made the Trojan more intricate and tougher to detect.
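A defender-side triage sketch for the staging described above, added here as an example and not taken from Kaspersky's analysis: it flags a downloaded file whose image extension does not match its content, or whose content has no recognised file signature and near-random byte entropy, as an encrypted payload would. The file names, the entropy threshold and the sample bytes are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# File signatures this sketch recognises (a deliberately small set).
MAGIC = {"pe": b"MZ", "jpeg": b"\xff\xd8\xff", "gif": b"GIF8",
         "png": b"\x89PNG\r\n\x1a\n"}
IMAGE_EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}
ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off, tune on your own data

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sniff(data: bytes):
    """Return the recognised type name, or None when no signature matches."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def triage(name: str, data: bytes) -> str:
    """Classify one downloaded file by extension, signature and entropy."""
    kind = sniff(data)
    ext = next((e for e in IMAGE_EXT if name.lower().endswith(e)), None)
    if ext and kind != IMAGE_EXT[ext]:
        return "extension-mismatch"      # "image" that is not an image
    if kind == "pe":
        return "executable"
    if kind is None and shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "opaque-high-entropy"     # unrecognised, near-random content
    return "ok"

def constructed_blob(size: int) -> bytes:
    """Constructed stand-in for an encrypted payload (SHA-256 counter stream)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

if __name__ == "__main__":
    blob = constructed_blob(4096)
    samples = {                          # all sample files are constructed
        "photo.jpg": blob,
        "update.dat": blob,
        "holiday.jpg": b"\xff\xd8\xff\xe0" + blob,
        "notes.txt": b"hello world " * 100,
    }
    for name, data in samples.items():
        print(f"{name:12} {shannon_entropy(data):.2f} {triage(name, data)}")
```

High entropy alone is not proof of malice, since compressed archives look the same, so a verdict like this is a reason to quarantine and inspect rather than a detection in itself.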
Experts said that these banking trojans have recently become one of the major Brazilian underground exports, owing to a moderately laid-back legal environment regarding cyber crime and the widespread use of online banking. These pitfalls in the system have encouraged hackers to benefit as much as possible by enhancing their skills and writing sophisticated malware targeting the customers of a particular bank.
» SPAMfighter News - 20-04-2010