Antivirus software is extremely poor at detecting the top three Trojans responsible for theft from UK financial institutions, says IT security firm Trusteer.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"Not one of the main antivirus products is able to detect all three," Mickey Boodaei, chief executive at Trusteer, told the e-Crime Congress 2010 in London.
Only 14 out of 42 antivirus engines tested detected the Zeus Trojan. The second most active Trojan, Silon, was detected by only Trend Micro's antivirus engine, and Yaludle, the third most prevalent Trojan, was picked up by only FSecure and Panda Software.
Banking institutions and their customers need more visibility of what malware is being used for online theft so they know exactly which of the thousands of types of malware they need to defend against most, Boodaei told Computer Weekly.
To meet this need, Trusteer has launched Flashlight, a remote fraud investigation and mitigation service, developed in collaboration with 50 banks worldwide, that identifies the attack source on a bank customer's PC.
A pilot of the service run in the UK's major banks including RBS, Santander and HSBC, was used to investigate 5,000 incidents in the past five months.
Analysis revealed that most of the attacks were associated with the Zeus trojan.
Zeus topped the list, being responsible for 65% of incidents, followed by Silon (25%) and Yaludle (10%).
"Zeus has been known since 2006, but still it is active on about one in every hundred PCs in the UK," said Boodaei.
Silon, which bypasses security tokens and banking card readers, is running on one in every 350 UK computers, while Yaludle is found on one in every thousand.
"By identifying exactly what malware is responsible for attacks, banks can easily identify any gaps in their defences and build more effective malware prevention strategies," said Boodaei.
Understanding exactly what the threats are should be an ongoing process that is core to any organisation's protection strategy and should be carried out before making any initial or additional IT security investments, he said.