Six Banking Trojans Circulating Past Few Months

Six banker Trojans, each one a different sample, have been attacking Internauts in recent months. These Trojans are Kronos, Zeus, Dridex, Ursnif, Gootkit and Vawtrak. Apparently, fraudulent e-mails carrying malevolent web-links along with tainted Word files having malevolent macros as well as OLE objects is the key technique to spread the infections.

Now, it isn't necessary that banker Trojans' operation would be from the target end-users' countries instead they would operate from the countries where the banks or institutes of finance to be targeted are based. Also, more than one Trojan would operate in some instances like in the developed countries where money is more with the people there in the form of large bank balances. Softpedia.com posted this online dated July 1, 2016.

Of all 6 Trojans, Kronos surfaced on 17th May this year (2016) that utilized one false security alert from Microsoft, leading end-users onto one web-link infected with the Kronos executable. This malware was devised for attacking U.S, Australian and Canadian financial institutions.

Another Trojan surfaced on 6th June same year while looking like one delivery notice from Canada Post. Here the malevolent payload - Dridex botnet 220, which would target different Canadian financial online sites, came bundled with harmful macros.

The third Trojan attacked 20 days afterwards that is on 26th June when criminals used Office documents containing OLE objects in the same way as macros that launched JS code that then pulled down and ran Gootkit banker Trojan.

Then was detected Vawtrak the banker Trojan that used fake UPS notices in spam mails targeting British and Canadian Internauts. The spam messages contained Office documents which directed recipients towards enabling their macros that if done would result in Vawtrak infection.

Two additional outbreaks which disseminated Zeus and Ursnif too got identified.

Overall, Canadian online bankers have been urged for keeping watch on e-threats, particularly ones that use phishing tactics through electronic mail.

Internauts are reiterated for exercising caution with inbound e-mails' sources, particularly those asking for extra actions with outside files else web-links. Moreover, attachments coming through e-mail that prompt macros' utilization should be given special attention.

» SPAMfighter News - 7/7/2016