Russian and Ukrainian banks have lately been trying to stop the onslaught of BlackEnergy 2, a Trojan that bypasses the Java application customers use to authenticate themselves when accessing their accounts, steals the credentials, and then bombards the same application with data until it crashes - diverting the bank's attention from the heist in progress.
According to Joe Stewart, a researcher with SecureWorks, the people behind these attacks are Eastern European criminal gangs. The attacks started in late 2009, and they are still being carried out. The exclusive targets are banks (and customers) from Russia and Ukraine. The Register reports that Stewart analyzed the Trojan and has presented his findings at the Forum of Incident Response and Security Teams (FIRST) conference being held this week in Miami. He claims that the Trojan has been modeled upon BlackEnergy, the DDoS Trojan (mis)used in the Russian/Georgian conflict in 2008.