Top banking botnets study victims' behaviour, Dell report reveals

Five of the top eight banking Trojans capture snapshots of victims’ behaviour, profiling their online interactions, Dell research reveals

Five of the top eight banking Trojans can capture snapshots of victims’ behaviour, according to a research report from Dell Secureworks.

The malware does not just capture bank details and login credentials, but also helps attackers build up a picture of user behaviour and interactions with banking sites.

By building up a profile, cyber criminals mimic user behaviour to bypass security systems designed to detect unusual activity.

The snapshots show attackers how to move money around banking networks and provide information such as how long it takes to enter data that goes into the banks' automated transfer systems.

According to the report, cyber criminals also use information about victims’ behaviour to hide their own digital footprints when they steal the money from the victims’ bank accounts.

Cheap storage and higher-bandwidth network links help cyber thieves to extract image streams, according to Brett Stone-Gross, a senior researcher at Dell and co-author of the report.

Stone-Gross said this method had been used by cyber criminals to steal millions of dollars from bank accounts in mostly unreported thefts, reports the BBC.

Some of the botnets linked to malware covered by the report first emerged in 2006-7, and have survived repeated attempts to shut them down.

"Their longevity is a testament to how much money is involved and how lucrative they are," said Stone-Gross.

According to the report, the top banking Trojans have targeted customers at 900 banks and other financial institutions in more than 65 countries.

While all users of online banking are at risk, Stone-Gross said cyber criminals are increasingly targeting people with access to commercial banking and payroll systems.

The banking Trojan malware is typically distributed through malicious email attachments, compromised websites and online adverts injected with malicious code.

Some of the biggest online heists have used denial of service (DoS) attacks to create a diversion and prevent victims from accessing their accounts.

Top banking botnets

  • Zeus
  • IceIX
  • Citadel
  • Gameover Zeus
  • Shylock
  • Bugat
  • Gozi
  • Torpig

