142 Wooster St.
10012 New York, us
+1 (781) 237-0341
Trusteer Discovers New Worm-Based Financial Malware
Well Known Ramnit Worm Incorporates Tactics from Zeus Trojan to Commit Online Banking Fraud(PresseBox) ( London, )
The financial malware version of Ramnit was discovered by Trusteer's fraud analysts using the Trusteer Pinpoint zero-day anomaly detection system and Trusteer Flashlight remote incident investigation system. Ramnit's command and control servers are located in Germany and are currently live. According to the Symantec Intelligence Report for July, Ramnit accounts for 17.3 percent of all new malicious software infections. This number is consistent with Trusteer's findings that tens of thousands of machines used for online banking are currently infected with Ramnit.
Ramnit was first detected in 2010 and targets .EXE, .SCR, .DLL. .HTML and other file types. File infection is an old school virus technique that is rarely seen in modern financial malware. The evolution of Ramnit into a fraud tool was made possible when the source code of the notorious Zeus financial malware platform was made freely available on the Internet earlier this year. Since then, fraudsters and malware authors have borrowed parts of the Zeus toolkit and incorporated into other malware. Trusteer researchers found the method used to configure Ramnit to target a specific bank is identical to the one used by Zeus. This allows fraudsters who have written configurations for Zeus to easily port their configuration to Ramnit.
"The metamorphosis of Ramnit into financial malware is a sign of things to come now that the Zeus source code has been made openly available to anyone on the Internet," said Amit Klein, CTO of Trusteer. "Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program -- old or new. The malware distribution channel for fraudsters has increased in scale significantly."
Trusteer Pinpoint is capable of detecting and blocking Ramnit-related and zero-day fraud within a bank's web application, while Trusteer Rapport is capable of detecting, blocking, and preventing Ramnit infections on customer computers. More information on Ramnit, its configurations, and the code it uses against various banks is available to Trusteer customers in the Trusteer Situation Room. Additional public information on Ramnit is available in this Trusteer blog post https://www.trusteer.com/blog/ramnit-evolution-%E2%80%93-worm-financial-malware.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an email@example.com.