A possible solution for banking Trojans?

ZeuS, Spy Eye, Mariposa – these are just some of the many information-stealing Trojans out there. ZeuS is, hands down, the most prominent. Its longevity is assured by the myriad of variants that are put into circulation daily.

The ZeuS botnet command centres are spread all over the world, and the recent disconnection of the Troyak ISP showed that bot herders are ready for such actions, which prove to be only minor inconveniences. So, this approach obviously doesn’t work. But, what does?

Kaspersky Lab virus analyst Yury Mashevsky tries to shed some light. According to him, the antivirus industry is failing to keep pace with the malware authors. Statistics show that the number of unique undetected malicious programs used to steal money from Internet users is rising exponentially:

Also, by the time the antivirus manufacturers provide the signatures needed for their programs to detect the malware, it is already too late for many users – the information is already stolen.

The process of releasing a valid signature can take up to several hours, and malware authors know this. That’s why they release new malware or variants of the same malware every few hours. In truth, antivirus vendors need to approach the problem from another angle, because the signature-based one and the generic detection aren’t getting the job done.

Another reason why theft of money directly from bank accounts is also on the rise is because the number of attacks on financial institution is also growing exponentially. Luckily, there is a growing awareness about it among the management of these institution, and some of them have moved towards implementing their own methods of defense against unauthorized money transactions. Among those are:

• Virtual keyboards
• Secret questions and keywords
• Biometric authentication
• Use of portable devices such as USBs for additional authorization
• Use of Transaction Authorization Numbers (TANs) to confirm the transaction.

Unfortunately, even these hurdles can be overcome by the more resourceful criminals, but at least they made the process more difficult, which can be a deterrent for many.

Mashevsky offers his vision of the steps antivirus developers and financial institutions should take to improve security.

Cloud antivirus technology should be added to the existing methods of detection. With it, new threats are detected and blocked within minutes of their emergence. Also, this technology allows the developers to get a glimpse of the big picture (when, where, what, who and how the attacks were initiated), and would them to provide the financial institutions with this information in real-time.

The problem with this approach is that the collection of attack-related information might be somewhat difficult, since banking clients would have to use the same antivirus software (impossible scenario). Also, financial institutions are not allowed to send out client information to external companies.

To counter these problems, Mashevsky advocates a direct cooperation between the two industries by enacting the following steps:

• The installation of a malware detection solution into the client side – no personal data is required
• Threat analysis centers managed by the bank’s in-house IT departments, where the bank can decide what information to forward to the antivirus developers.
• Customers of the bank would be appraised of the current threats and how to eschew them by the analytical centers.

Another thing that must be improved is the cooperation between governments, because there are no borders on the Internet and criminals can strike anywhere.