Trusteer Pinpoint Cloud Service Protects Against Malware Fraud

Trusteer's Pinpoint service examines Web traffic for signs the user's desktop is infected with Trojans such as SpyEye and Zeus that can steal funds or data.

A new security cloud service, which is being targeted at financial institutions with concerns about a new breed of aggressive banking Trojans, promises to detect malware within a PC without requiring any additional software.

The Pinpoint service allows companies concerned about online fraud or data theft to scan their Web traffic to ensure that an outside laptop or desktop that is brought into a corporate network is not infected with malware before allowing the visitor access to their Web services, according to Trusteer, which developed this cloud security application. If the Web traffic hints that there is malware or another issue on the computer, the visitor is prompted with an option to download and install Trusteer Rapport, an in-browser removal tool, the company said March 16.

"Web fraud prevention is a three-legged stool that combines detection, protection and remediation," said Yaron Dycian, vice president of products for Trusteer.

With the rise of various banking Trojans, such as Zeus and SpyEye, many financial institutions are worried about users on infected machines accessing bank accounts. Experts estimate Zeus gangs stole millions of dollars from user accounts in 2010. Companies can add Pinpoint as an additional layer to complement their other security protections in place to prevent malware-related fraud, Dycian said.

While there are a number of Web security vendors out there that aim to do what Trusteer is doing, Pinpoint is unusual in that there is no appliance and the database that carries out the analysis is wholly stored in the cloud.

By performing the analysis in the cloud, Pinpoint avoids the problem of false positives, Trusteer said. The company claims an 80 percent detection rate, which it says is "steadily increasing" as the service collects more information for its threat database.

Trusteer has pooled intelligence obtained from the millions of Rapport users around the world and has detailed information about malware command-and-control centers and the kind of network traffic an infected machine would generate.

When a user tries to access a Pinpoint customer's Web service, Pinpoint scans the site's traffic in real time to determine if the machine is exhibiting any behaviors associated with infected zombies, the company said. Service providers can configure Pinpoint to support both manual and automated responses.

For sites requiring a log-in, the cloud service scans user machines and allows users to successfully log in only if the system is clean. This way, if malware is controlling the log-in process, it will be blocked from the site, Trusteer claimed. If an infected machine tries to log in, the company's IT department receives an alert about it. The IT manager at this point can decide whether to stop the transaction or to turn on additional security options.

Organizations can also use Pinpoint to scan network traffic before allowing certain transactions, regardless of whether the user is logged in, Trusteer said. It can be integrated with a risk-evaluation engine for scoring risk.

Trusteer said several major financial institutions in North America and Europe have been running a beta version of the service "for a number of months," but declined to name them.

While Pinpoint does not scan the user's machine internally, it does give its customers the ability to examine real-time network traffic to proactively find hints of malicious activity and to block fraud before it happens, Dycian said.

Pinpoint is priced at $10,000 a year for enterprises with fewer than 300 users.