The growing problem of banking Trojans

A new Trojan has been discovered swiping credentials of customers across various banks in the United States. Discovered by researchers at SecureWorks, the Bugat Trojan bears similar features as other better-known banking Trojans like Clampi and Zeus, though incidences of Bugat appear to be low for now.

SecureWorks security researcher Jason Milletary, blogged, "The emergence of Bugat reinforces that there is a strong demand for new malware to commit financial credential theft and that ACH (Automated Clearing House) and wire fraud remains a profitable venture for criminals."

Banking Trojans allow remote attackers to perform sophisticated man-in-the-middle attacks on web sessions--a technique that was once the domain of computer science textbooks or hacking demonstrations. Data from Neustar indicated however, that U.S.-based SMBs are losing an average of $100,000 to $200,000 per day to such attacks targeting online banking activities.

Network traffic to banking sites are surreptitiously channeled via the cybercriminal, and fraud could occur by swapping account numbers when transferring funds. Alternately, the Trojan could request for the one-time-code used by most banks when none is required, which is then used to log in from another location and wire funds out.

Additionally, banking Trojans are also known to utilize the use of SSL encryption to deter detection on the network, and widely distributed via botnets. Ultimately, protection from them is not impossible, but it requires that banks implement more robust measures.

For more on this story:
- check out this article at Dark Reading
- check out this article at eWeek 

Related Articles:
Rogue malware is money spinner for scammers
At least one trojan using Facebook as a command channel
Industry-wide phishing attack strikes thousands
Report: Trojan attacks up, phishing down in '09