Heimdal Online Security: Top 10 Most Dangerous Financial Malware




The Top 10 Most Dangerous Malware That Can Empty Your Bank Account [Updated]

At the beginning of June 2014, a large international effort named Operation Tovar, involving US and European law enforcement agencies and security firms worldwide, disrupted the Gameover Zeus botnet and took control of servers that were critical to CryptoLocker, the well-known ransomware that encrypts files on the victim's system and demands a ransom in exchange for the decryption key.

Gameover Zeus and CryptoLocker are two of the best-known pieces of malware that target financial data, but there are many other variants and types of credential-stealing Trojans out there that you need to pay attention to.

We put together a list of the most dangerous financial malware out there. To be clear about our approach and intentions, what you'll find below is a short presentation of some of the most advanced credential-stealing Trojans on the web.

Nevertheless, you can rest assured that Heimdal PRO is one of the few security solutions that can protect you from these advanced pieces of malware.


Top 10 Most Dangerous Financial Malware

1. Zbot/Zeus

Zeus, also known as Zbot, is a notorious Trojan which infects Windows users and tries to retrieve confidential information from the infected computers. Once it is installed, it also tries to download configuration files and updates from the Internet. The Zeus files are created and customized using a Trojan-building toolkit, which is available online for cybercriminals.

Zeus was created to steal private data from infected systems, such as system information, passwords, banking credentials and other financial details, and it can be customized to gather banking details for specific countries and using various techniques. With the stolen credentials, cybercriminals log into the victims' bank accounts and make unauthorized money transfers, routed through a complex network of computers to hide their trail.

Zbot/Zeus is based on the client-server model and relies on a Command and Control server to send commands to the bots and receive the stolen information from them. That single Command and Control server is the weak point of the architecture, and it is the target law enforcement agencies go after when dealing with Zeus: take the server down and the bots lose their controller.

To counter this weak point, later variants of Zeus/Zbot include a DGA (domain generation algorithm), which makes the Command and Control infrastructure resistant to takedown attempts. The DGA deterministically generates a list of domain names, and the bots try to connect to them in turn if the primary Command and Control server cannot be reached; the operator, who knows the same algorithm, only has to register one of the generated domains ahead of time to regain control of the botnet.

Zeus/Zbot, known by many names including PRG and Infostealer, has infected as many as 3.6 million systems in the United States. In 2009, security analysts found that Zeus had compromised more than 70,000 accounts belonging to banks and businesses, including NASA and Bank of America.


2. Zeus Gameover (P2P) (Zeus family)

Zeus Gameover is a variant of the Zeus family, the infamous family of financial-data-stealing malware, that relies on a peer-to-peer botnet infrastructure instead of a single server.

The peer-to-peer design removes the need for a centralized Command and Control server, and a DGA (Domain Generation Algorithm) serves as a fallback that produces new domains in case the peers cannot be reached. Each infected peer in the botnet can act as a relay for the controllers: peers exchange commands and configuration files among themselves, and the stolen data is finally forwarded to the servers run by the criminals. Because there is no single server to seize, taking the botnet down requires disrupting the peer network itself, which is what Operation Tovar did.
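The two fallback mechanisms described above (the DGA of the Zbot paragraph and the peers-first, DGA-second lookup order of Gameover) are easiest to see in code. The following is an added, illustrative model written for this page; it is not the Zeus or Gameover algorithm, and the seed, the hashing scheme, the TLD list, the peer addresses and the DNS log lines are all constructed for the example. The defender-side function shows the practical consequence of a deterministic DGA: anyone who has recovered the algorithm and seed can precompute the day's domains and match them against DNS logs or register them as sinkholes.

```python
import hashlib
from datetime import date, timedelta

# Constructed values for this example only; a real DGA hard-codes its own
# seed/key inside the binary, and Zeus used a different scheme.
SEED = "example-seed-not-zeus"
TLDS = ("com", "net", "org", "info")
EXAMPLE_DAY = date(2014, 6, 2)


def dga_domains(day, count=8, seed=SEED):
    """Return the candidate C2 domains for one calendar day.

    Bot and operator share `seed`, so both compute the same list without
    ever contacting each other; the operator only has to register one.
    """
    domains = []
    for i in range(count):
        digest = hashlib.md5(f"{seed}|{day.isoformat()}|{i}".encode()).hexdigest()
        label = digest[:12]  # 12 hex chars as the hostname label (toy choice)
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def resolve_c2(peers, day, reachable):
    """Bot-side lookup order: known peers first, then the day's DGA domains.

    `reachable` is a set standing in for "this host answered"; there is no
    network I/O. Returns (source, address), or ("none", None) if nothing
    answers, which is the state a successful takedown aims for.
    """
    for peer in peers:
        if peer in reachable:
            return ("peer", peer)
    for domain in dga_domains(day):
        if domain in reachable:
            return ("dga", domain)
    return ("none", None)


def sample_dns_log(day):
    """Constructed DNS query log, one 'client domain' pair per line, with a
    single DGA lookup planted among benign traffic."""
    planted = dga_domains(day)[3]
    return [
        "10.0.0.5 www.example.com",
        f"10.0.0.7 {planted}",
        "10.0.0.9 mail.example.org",
    ]


def flag_dga_lookups(log_lines, day, window_days=1):
    """Defender side: precompute the DGA list for `day` and its neighbours
    (to absorb clock skew between bots) and flag any client querying one."""
    watch = set()
    for offset in range(-window_days, window_days + 1):
        watch.update(dga_domains(day + timedelta(days=offset)))
    hits = []
    for line in log_lines:
        client, domain = line.split()
        if domain in watch:
            hits.append((client, domain))
    return hits


if __name__ == "__main__":
    print("today's DGA domains:", dga_domains(EXAMPLE_DAY))
    # All peers down and no DGA domain registered: the bot is orphaned.
    print(resolve_c2(["203.0.113.10", "198.51.100.4"], EXAMPLE_DAY, set()))
    # Operator registered the fourth domain; the bot finds it via the DGA.
    print(resolve_c2(["203.0.113.10"], EXAMPLE_DAY, {dga_domains(EXAMPLE_DAY)[3]}))
    print("flagged:", flag_dga_lookups(sample_dns_log(EXAMPLE_DAY), EXAMPLE_DAY))
```

The same property that gives the operator resilience gives the defender a handle: once the algorithm and seed are extracted from a sample, the candidate list for any future day is known, which is how sinkholing campaigns pre-register DGA domains before the bots start asking for them.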

Zeus Gameover is used by cybercriminals to collect financial information, targeting everything from login credentials, credit card numbers and passwords to any other private information that might help them get at a victim's bank account. Gameover Zeus is estimated to have infected 1 million users around the world.

3. SpyEye (Zeus family)