Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Zeus not the only bank Trojan threat, users warned

Threat from 'Bugat', 'SpyEye' and 'Carberp'

Online bank account users should not ignore the threat posed by obscure data-theft Trojans such as 'Bugat', 'SpyEye', and 'Carberp', security company Trusteer has warned.

In recent weeks, the Zeus bank Trojan has attracted all the attention with news of a number of successful online bank account raids, but other threats lurk, the company says.

One example is Bugat, on the face of it not the most frightening bank Trojan in circulation. Its incidence is low, and its incursions seem for the time being to be focussed on banks in the US rather than Europe.

However, according to Trusteer, there are signs that Bugat could now be favoured over the better-known Zeus, starting with a campaign from last week in which LinkedIn users were spammed as a method of spreading a new version further afield.

A similar attack was pioneered only days before that by Zeus, so such targeted Trojans could start to merge into one generalised threat distributing hard-to-block malware using identical channels.

"We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet," commented Trusteer CEO, Mickey Boodaei.

The threat is that new versions of these Trojans keep appearing, which makes detection trickier. The inherently stealthy nature of such malware means that they can appear to be relatively inactive while doing great damage, as was the case with Zeus.

Trusteer's view is that bank Trojans need to be countered in the browser with tools such as its own Rapport plug-in rather than using conventional antivirus software. Other companies seem keen to jump on this approach with their own plug-ins and tools.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: LinkedIn, Personal Tech, security, Trusteer
Latest Blog Posts
Whitepapers
  • Workshifting: a global market research report
    New business requirements are transforming the demands placed on IT. To operate effectively in today’s fast-paced global environment, organisations need to be able to get work done anywhere, anytime, by any type of worker to achieve the best results. This is the context for the rise of workshifting—the practice of moving work to the most optimal location, time and resources. As one of the most comprehensive reports ever conducted into the role of desktop virtualisation in enabling workplace flexibility and mobility, it reflects the growing consensus of those using technology to improve the performance of their organisation.
    Learn more »
  • Securing Vital Infrastructure
    A unified approach to information security can help modern vital infrastructure providers deal with evolving IT threats without compromising on communications or the demands of an increasingly mobile workforce. Flexible policies, combined with quality inbound threat detection, deep content inspection and encryption capabilities can help organisations to mitigate the risks – not just from outside the organisation, but also within it. Read this whitepaper.
    Learn more »
  • Networking Strategy Guide
    Articles include: IPv6 guide; How to get more out of Ethernet switches; High-speed Ethernet planning guide; Next-generation firewalls: In depth; How to lock down your wireless network. Read this Computerworld Networking Strategy Guide.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments