Financial Trojan Attacks Against Banks Rose Sharply in 2013: Symantec

The incidence of malicious software used to steal money from bank accounts more than tripled in 2013 over the previous year, according to a Symantec study.

Online thieves had a successful year in 2013, infecting three times as many computers, targeting a broader collection of nations' financial institutions and branching out into Bitcoins, according to the latest analysis by security firm Symantec.

In a report surveying the impact of financial Trojans—the malicious software used to compromise consumers' PCs and steal money from their bank accounts—Symantec discovered 237 percent more infections in the first nine months of the year, compared to the previous year, the company stated in a blog post.

While the owner of an infected computer may not necessarily be a victim of financial fraud, their accounts are at much greater risk, Vikram Thakur, a researcher with Symantec Security Response, told eWEEK.

"They have been infected, so they will likely be a target," he said. "These are not idle threats; we know the threats work, because we've seen the code."

Today's financial Trojans have evolved considerably from their ancestors of a decade ago. While most financial Trojans are descendants of two major families, Zeus and SpyEye, modern malicious programs typically include a broader range of capabilities, according to Symantec. In addition to including ways to inject content into browsers, known as web injects or man-in-the-browser attacks, newer Trojans specifically target financial institutions with tailored content.

Looking at the financial institutions targeted by the attacks, Symantec found that the most popular victim was a U.S. bank, which accounts for nearly 72 percent of the Trojan attacks. In fact, half of the top-10 most targeted institutions were based in the United States, three were from the United Kingdom, one from Italy and one based in a trio of nations, including Colombia, Spain and the United Kingdom.

Symantec gathered the data through occasional access to command-and-control servers that online thieves had left unprotected, and from actual Trojan binaries recovered from infected systems on which its security product was subsequently installed.

In total, the company analyzed 1,086 configuration files from malicious programs targeting more than 1,400 financial institutions and infecting more than 1 million computers in the United States. Other targeted countries include Japan, the United Kingdom, Germany, Canada and Australia.

The long tail of targeted institutions includes banks in Asia, the Middle East and Africa—any country with a sizable and somewhat affluent population.

"Proactive measures need to be taken to ensure that adequate security mechanisms are in place," Symantec said in its report. "Strong measures will deter attackers from targeting these institutions."

Symantec also noted an increase in the number of cyber-attacks that target the Bitcoin virtual currency, which has gained a following among digerati and online criminals for its ability to allow anonymous transactions. Bitcoins are created by solving complex calculations that require a great deal of processing time, an activity known as mining. Some criminals, such as those behind the ZeroAccess Trojan, have used botnets for mining. Others have searched for and stolen Bitcoin wallets.

"We expect that attackers' interest in this digital currency will grow further," Symantec stated in the report.

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...