Family of Banker Trojans Expand

Twenty percent of all trojans detected in 2006 stole bank details, said PandaLabs. This category of trojans called 'Banker Trojans' was also found to be the most frequent.

Banker trojans are used to hack bank websites and steal the necessary information of the customers from the site's pages. Such information comprises account numbers, credit card numbers, passwords and PINs. The trojans then transmit all the details to the Trojan creator who uses it for stealing money or committing identity theft.

During 2006, especially in the last quarter, the number of Trojan variants appeared to increase. Panda ActiveScan detected the Banker family of trojans among them as most frequently. It accounted for 52.15% of the total Trojans. A host of new variants emerged such as Bancos (2.36%), Banbra (39.08%), Banking (0.09%) and Goldun (6.32%).

According to current trends, there is no bank offering online service that a banker Trojan could not target. A number of such trojans are variants of different trojans that had surfaced earlier. These variants led to expansion of the Trojan families.

The Banker.CJA variant was the most noteworthy banker Trojan last year. It associates with the family of banker Trojan by the same name. The Trojan has proved successful in preventing online bank users from obtaining the legitimate website on their browsers. Instead it redirects the users to a spoofed site in order to capture their online banking details. Another variant similarly restricting user access to bank websites is Banker.DJH. It is capable of stealing secret data from the affected user's e-mail accounts.

The evolution of banker trojans in variety and number is due to financial motives of cyber criminals. The malware is uniquely designed to target specific online service what makes them difficult to detect and isolate. The signature files of the traditional anti-virus solutions do not include the new variants. Thus says Mikel Perez, Head of Malware Detection Department of Panda Software, it is important to develop signature files that combine with proactive technologies that perform adequately in identifying both new and unknown threats. Perez made the statement that SecurityPark published on January 24, 2007.

» SPAMfighter News - 1/31/2007