...2009 saw bank malware reach new alarming new levels of sophistication with the Zeus Trojan leading the pack.
This year, banking Trojans and the cybercriminals behind them became adept at man-in-the middle attacks in order to hijack online banking sessions, circumvent two-factor authentication and snatch money in real time.
Zeus -- also called Zbot -- and its many variants have been plaguing the Internet, infecting PCs at a rapid clip and siphoning money from commercial bank accounts. The Clampi Trojan, which uses encryption to hide its tracks, has also spread rapidly and victimized commercial online banking customers and URLzone hijacked bank accounts with techniques designed to evade antifraud systems.
These types of nasty banking Trojans, combined with an infection rate that's 10 times higher than last year and a bad economy in which it's easy to recruit others into fraudulent activity, has created almost a "celestial alignment for cybercriminals," said Uri Rivner, head of new technologies, identity protection and verification at RSA, the security division of EMC Corp.
Evolution from keyloggers
In the past, malicious code designed for banking fraud mostly relied on keyloggers to steal online banking credentials, researchers said. While some keyloggers captured everything in their quest for sensitive data, some captured only keystrokes from Web browser windows with bank names in the titles or words like login, said Marc Fossi, manager of...
Continue Reading about Zeus, Clampi and URLzone at Search Financial Security dot com.