UK financial data targeted by malware campaign

A deviously implemented malware campaign has been detected in the UK. It has been targeting the private financial information of thousands of users whilst simultaneously staying off the radar of most mainstream anti-virus software vendors.

Anyone who regularly banks online is at risk from the malware, which can harvest passwords and customer numbers. These can then be used to make transactions within an individual’s account that seem legitimate to the bank but are actually the work of criminals.

One out of every 500 computers in the UK is infected with the Silon.var2 malware, whilst one in 5000 has Agent.DBJP on board, according to security firm Trusteer. This penetration level is much lower than in the USA, but because the targeting is regional and small-scale, it has been much harder for the large security vendors to react to what seems to be a limited, local issue.

Two botnets based in the UK have also been identified, and their specificity is equally troubling: UK banks seem to be the only target, with UK-based computers being harnessed to make the attacks. This tactic also aims to circumvent the conventional malware detection process of anti-virus firms, and it seems the criminals have been able to work around many security systems that would usually guarantee the protection of personal data.

The group behind this malware is targeting UK citizens through spam campaigns that centre on local issues, as well as piggybacking on formerly legitimate websites which have become compromised.

Trusteer’s Mickey Boodaei said that a small number of UK banks were being targeted by the current campaign, with between three and seven being hit at the same time. By contrast, the better-known data theft tools can target hundreds of financial institutions, and are thus largely defeated by the anti-virus vendors.

The small group of target banks is repeatedly attacked for up to nine months at a time, according to Mr Boodaei, before the focus of the criminals changes and the malicious software evolves.
