Infected bank computers part of massive botnet, Finjan says

By Marcia Savage, Features Editor, Information Security magazine 22 Apr 2009 | SearchFinancialSecurity.com

Security technology news and tips for financial services pros Digg This!     StumbleUpon     Del.icio.us

Finjan discovered the large-scale network of malware-infected computers in February as part of its research into the command-and-control servers operated by cybercriminals, said Ophir Shalitin, director of marketing at the San Jose, California-based security vendor. The command-and-control server for the botnet is hosted in the Ukraine and operated by six cybercriminals, he said.

The botnet, which continues to grow, has infected computers from 77 government domains, including 61 from the U.S., and large corporations, along with large U.S. banks, Shalitin said. Finjan notified law enforcement officials about the compromised systems as well as affected companies and government agencies.

Finjan researchers said the botnet's command-and-control server has a backend management application that makes it easy for attackers to manage the infected machines and order the bots to download additional malware. The malware allows attackers to remotely read emails, copy files, record keystrokes, launch spam attacks and take screen shots.

"They could do almost anything with the infected computer," Shalitin said.

See all our coverage of RSA Conference 2009: SearchSecurity.com and Information Security magazine editors are in San Francisco to bring you the biggest RSA Conference 2009 news stories, interviews, podcasts, videos and more.

"The nightmare we can imagine here is that some computers inside banks or large organizations can be traded as part of a botnet resource for sale," he added.

Compromised websites, many of them legitimate, were the source of the malware, he said. Of the computers infected, 45% were from the U.S., according to Finjan.

Web-based attacks were the primary source of malware infections in 2008, according to Symantec's Internet Security Threat Report XIV released earlier this month. Most of these attacks are launched against users who visit legitimate websites rigged with malware, the Cupertino, Calif.-based security vendor said.

Last year, 63% of vulnerabilities documented by Symantec affected Web applications. That's up from 59% in 2007.

Shalitin said there are several steps organizations can take to protect themselves, including installing a secure Web gateway (which Finjan sells), and making sure Web vulnerabilities are patched. Researchers tested one of the botnet's Trojans against 39 antivirus products and found that only four detected it, he said.

Tags: Emerging security threats and attacks,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging security threats and attacks Gartner's Avivah Litan on the online banking fraud surge UK police arrest two in connection with Zeus Trojan Fraudulent emails pretend to be from NACHA Four hackers indicted in RBS WorldPay breach ACH fraud scams total $100 million, FBI says FDIC warns of rise in "money mule" schemes FDIC warns of bogus emails Bank Trojan used against German accounts evades antifraud systems Wyoming bank sues Google after bank employee email mishap California man sentenced in online brokerage scam

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary