In 2007, antivirus vendors saw a huge increase in the number of malicious programs targeting banks (financial malware). In spite of a lack of clear information from the financial sector, this indicates a corresponding increase in the number of attacks on banks.
Despite the increased number of attacks, the percentage of financial malware detected each month is dropping, as the graph above shows. The reasons for this are as follows:
- Malware authors constantly change their programs in order to evade detection by antivirus solutions. However, if the changes made are minor, AV vendors will still be able to detect new malware samples using signatures created for previous variants.
- The graph above only covers financial malware. However, banking attacks are usually a multi-step process: social engineering, phishing, and the use of Trojan-Downloaders which then download the financial malware. It's easier for the criminals to modify the Trojan-Downloader programs (which are usually smaller in size, and generally less complex) than the financial malware itself.
This means that the vast majority of such malicious programs are designed to attack between one and three banks. The reason for this is that financial malware tends to be highly regional, with specific programs being designed to target specific banks or institutions within a single region. Individual pieces of malware will therefore be designed to attack the most widely used banks within a region such as the USA, Germany, Mexico or the UK.
The vast majority of financial malware targets a relatively small number of banks, as the graph below shows. There are probably two reasons why these banks are such popular targets: first, they have a large number of customers, and second, it is relatively easy to obtain credentials to access accounts held with these banks, due to lax security.