Comments on: Banking trojans infest Internet http://lastwatchdog.com/banking-trojans-infest-internet/ on Internet security by Byron Acohido Wed, 10 Mar 2010 13:59:48 +0000 http://wordpress.org/?v=abc hourly 1 By: bank online http://lastwatchdog.com/banking-trojans-infest-internet/#comment-506 bank online Mon, 29 Jun 2009 23:44:43 +0000 http://lastwatchdog.com/?p=563#comment-506 The info you've given is spot on, believe me, I've been doing my research and you're info is some of the best out there. The info you’ve given is spot on, believe me, I’ve been doing my research and you’re info is some of the best out there.

]]> By: roflem http://lastwatchdog.com/banking-trojans-infest-internet/#comment-251 roflem Sun, 22 Mar 2009 12:38:26 +0000 http://lastwatchdog.com/?p=563#comment-251 in the ongoing race between virus bakeries and antivirus chemists, will there ever be a reverse movement? wont the bakers always be up front? isnt the blame to see at the banks and insurance companies? when I have 1.5 million identity sets with creditcard, PIN, mothers maiden name, dogs haircolour, etc...and send them to the CC companies, then check 6 months later to find those numbers are still being used but the owners ( whose tel# I have of course and call) are NOT being billed because they blocked the number 6 months ago!!! What the heck is going on? its the CC processors and banks who offload the loss to either insurances or certain "pots" !!!! The numbers continue to work because the processors dont give a wet poop !!! who is paying this in the end ??? in the ongoing race between virus bakeries and antivirus chemists, will there ever be a reverse movement? wont the bakers always be up front? isnt the blame to see at the banks and insurance companies? when I have 1.5 million identity sets with creditcard, PIN, mothers maiden name, dogs haircolour, etc…and send them to the CC companies, then check 6 months later to find those numbers are still being used but the owners ( whose tel# I have of course and call) are NOT being billed because they blocked the number 6 months ago!!! What the heck is going on? its the CC processors and banks who offload the loss to either insurances or certain “pots” !!!! The numbers continue to work because the processors dont give a wet poop !!!
who is paying this in the end ???

]]> By: Joe Sixpack http://lastwatchdog.com/banking-trojans-infest-internet/#comment-164 Joe Sixpack Wed, 04 Mar 2009 06:48:06 +0000 http://lastwatchdog.com/?p=563#comment-164 We've been using Linux desktops and servers at home and work for approximately the last 10 years and we've never had a virus or spyware. Or the need for anti-virus or anti-spyware. One misconfiguration (improper/not set up daemon (server application) due to lack of experience very early on did result in a rooted web server (measured in hours, not days, and the application was installed for learning about it, which didn't belong on a web server, and ssh was used to attack the application, succeed in logging in and then escalating) but the forensic analysis of that incident was an invaluable learning lesson (and an end user wouldn't be running a web server any way, otherwise we can compare current linux/apache with windows/iis). Since then an internet web server along with all desktops and internal servers have been rock solid (server uptimes measured in years, desktop uptimes measured in years ((not counting rarely required reboots for video card updates early on, or desktops shut down to save electricity where possible, ie, weekends on non-essential desktops)), reliable and unpenetrable. The only issues have been from a single desktop user who insists on using Windows. And the necessity of booting into Vista to install bios updates on dual-booting laptops (can't blow away windows because it's required for bios updates and if a warranty issue crops up during the warranty period). The biggest eye-opener comes from the occasional new employee who doesn't know they aren't using windows since their desktop only shows a few custom icons for the specific applications they need to use during the day and their desktops are normally always open to those specific applications and nothing else. The only thing they need to get used to is not closing their applications and shutting down the computer at the end of the day, instead they keep their apps open, their current work is saved but not shut down, and they get to start again the next day exactly where they left off the evening before. And the employees who come from other businesses who are still using Windows 95, Windows 98 (and for rebooting purposes to a lesser extent Windows XP, or even Windows for Workgroups who also used Windows 95/98), and who are used to rebooting after breaks or lunch or the afternoon because their desktop slows down after some hours of use, and who wonder why they never blue screen anymore. We’ve been using Linux desktops and servers at home and work for approximately the last 10 years and we’ve never had a virus or spyware. Or the need for anti-virus or anti-spyware. One misconfiguration (improper/not set up daemon (server application) due to lack of experience very early on did result in a rooted web server (measured in hours, not days, and the application was installed for learning about it, which didn’t belong on a web server, and ssh was used to attack the application, succeed in logging in and then escalating) but the forensic analysis of that incident was an invaluable learning lesson (and an end user wouldn’t be running a web server any way, otherwise we can compare current linux/apache with windows/iis). Since then an internet web server along with all desktops and internal servers have been rock solid (server uptimes measured in years, desktop uptimes measured in years ((not counting rarely required reboots for video card updates early on, or desktops shut down to save electricity where possible, ie, weekends on non-essential desktops)), reliable and unpenetrable. The only issues have been from a single desktop user who insists on using Windows. And the necessity of booting into Vista to install bios updates on dual-booting laptops (can’t blow away windows because it’s required for bios updates and if a warranty issue crops up during the warranty period).

The biggest eye-opener comes from the occasional new employee who doesn’t know they aren’t using windows since their desktop only shows a few custom icons for the specific applications they need to use during the day and their desktops are normally always open to those specific applications and nothing else. The only thing they need to get used to is not closing their applications and shutting down the computer at the end of the day, instead they keep their apps open, their current work is saved but not shut down, and they get to start again the next day exactly where they left off the evening before. And the employees who come from other businesses who are still using Windows 95, Windows 98 (and for rebooting purposes to a lesser extent Windows XP, or even Windows for Workgroups who also used Windows 95/98), and who are used to rebooting after breaks or lunch or the afternoon because their desktop slows down after some hours of use, and who wonder why they never blue screen anymore.

]]> By: Juan Santana http://lastwatchdog.com/banking-trojans-infest-internet/#comment-137 Juan Santana Fri, 27 Feb 2009 13:39:17 +0000 http://lastwatchdog.com/?p=563#comment-137 Byron, My thoughts on the effectiveness of the blend of signature-based and behavior-based protections on the market today, I would say that for the most part the blending of the technologies is standard amongst vendors and it does work. Of course there are always exceptions to the rule. For instance, many of our customers come from our competitors after their computer or network has already been compromised. Is this an engine, technology, or a resource failure? Well, it’s hard to tell because there are many factors, but in many cases cybercriminals develop malware to subvert the technology of larger vendors, leaving the end users open to attack. The biggest problem we tackled at Panda was not an engine or technology problem, it was a resource issue. When malware authors start to produce and distribute thousands of unique samples with the click of a button, it becomes a huge task to address. Our Collective Intelligence system automatically processes malware and creates signatures for over 99% of the 25,000 samples (avg) we receive on a daily basis. What do we do with the spare time? We’re developing the next innovative technology, of course ; -) On who’s doing what that’s most interesting and effective, I think that many vendors are currently mixing and adding small improvements to their engine functionality but we are not seeing any major technological advancement. In the next two years I expect to see more vendors integrating automated malware classification systems and cloud services into their core product lines. Juan Byron,

My thoughts on the effectiveness of the blend of signature-based and behavior-based protections on the market today, I would say that for the most part the blending of the technologies is standard amongst vendors and it does work. Of course there are always exceptions to the rule. For instance, many of our customers come from our competitors after their computer or network has already been compromised. Is this an engine, technology, or a resource failure? Well, it’s hard to tell because there are many factors, but in many cases cybercriminals develop malware to subvert the technology of larger vendors, leaving the end users open to attack.
The biggest problem we tackled at Panda was not an engine or technology problem, it was a resource issue. When malware authors start to produce and distribute thousands of unique samples with the click of a button, it becomes a huge task to address. Our Collective Intelligence system automatically processes malware and creates signatures for over 99% of the 25,000 samples (avg) we receive on a daily basis. What do we do with the spare time? We’re developing the next innovative technology, of course ; -)

On who’s doing what that’s most interesting and effective, I think that many vendors are currently mixing and adding small improvements to their engine functionality but we are not seeing any major technological advancement. In the next two years I expect to see more vendors integrating automated malware classification systems and cloud services into their core product lines.

Juan

]]> By: alex http://lastwatchdog.com/banking-trojans-infest-internet/#comment-136 alex Thu, 26 Feb 2009 17:42:29 +0000 http://lastwatchdog.com/?p=563#comment-136 Hi, thanks for this great article... I'm using TrustDefender which helped me detecting a silentbanker infection on my PC. Their blog (http://www.trustdefender.com/blog/) has lots of technical information. Hi,

thanks for this great article…

I’m using TrustDefender which helped me detecting a silentbanker infection on my PC.

Their blog (http://www.trustdefender.com/blog/) has lots of technical information.

]]> By: Mark http://lastwatchdog.com/banking-trojans-infest-internet/#comment-135 Mark Thu, 26 Feb 2009 01:49:49 +0000 http://lastwatchdog.com/?p=563#comment-135 Sorry for double post. The 2nd url is this: http://www.youtube.com/profile?user=mrizos&view=videos Sorry for double post. The 2nd url is this:

http://www.youtube.com/profile?user=mrizos&view=videos

]]> By: Miyagi http://lastwatchdog.com/banking-trojans-infest-internet/#comment-134 Miyagi Thu, 26 Feb 2009 01:48:49 +0000 http://lastwatchdog.com/?p=563#comment-134 Aloha Byron, Enjoyed reading your Zero Day Threat book. If you are looking for a security forum, Wilders is a great venue. http://www.wilderssecurity.com/forumdisplay.php?f=35 You might want to also check Matt's reviews where he actually performs anti-malware tests via Youtube. http://www.wilderssecurity.com/forumdisplay.php?f=35 Aloha Byron,

Enjoyed reading your Zero Day Threat book. If you are looking for a security forum, Wilders is a great venue.

http://www.wilderssecurity.com/forumdisplay.php?f=35

You might want to also check Matt’s reviews where he actually performs anti-malware tests via Youtube.

http://www.wilderssecurity.com/forumdisplay.php?f=35

]]> By: Andy Willingham http://lastwatchdog.com/banking-trojans-infest-internet/#comment-130 Andy Willingham Tue, 24 Feb 2009 14:50:35 +0000 http://lastwatchdog.com/?p=563#comment-130 Good stuff Byron. I spent several years in the financial sector both as a vendor and customer. I know online banking has come a long way but there are still issues. I usually recommend a couple of different strategies for protecting yourself online. If possible use a dedicated PC that is not used for email, web surfing, etc... Use it for shopping, banking and other things that require higher security. Also, just be careful what you do online. Be aware of the sites you visit and don't click on links unless you verify them. Obviously, practice common sense w/ email and such. Type in the URL by hand instead of relying on a shortcut that could become compromised. Before entering logon credentials look at the site to ensure that it is really what you think it is. Lastly, use a personal firewall that filters inbound and outbound connections and traffic along with a good, up to date AV product. Good stuff Byron. I spent several years in the financial sector both as a vendor and customer. I know online banking has come a long way but there are still issues. I usually recommend a couple of different strategies for protecting yourself online. If possible use a dedicated PC that is not used for email, web surfing, etc… Use it for shopping, banking and other things that require higher security. Also, just be careful what you do online. Be aware of the sites you visit and don’t click on links unless you verify them. Obviously, practice common sense w/ email and such. Type in the URL by hand instead of relying on a shortcut that could become compromised. Before entering logon credentials look at the site to ensure that it is really what you think it is. Lastly, use a personal firewall that filters inbound and outbound connections and traffic along with a good, up to date AV product.

]]> By: bacohido http://lastwatchdog.com/banking-trojans-infest-internet/#comment-129 bacohido Tue, 24 Feb 2009 14:10:44 +0000 http://lastwatchdog.com/?p=563#comment-129 Juan: Thanks much for your thoughtful input. On my list of things to do is an examination of antivirus suites for desktops/laptops. How effective are the blends of signature-based and behavior-based protections on the market today? Among the most well known suppliers of these suites, who's doing what that's most interesting and effective? The Trend and Cisco deal to move protection to the home router, is intriguing. AVG has been aggressive about including a Web scanning tool. What direction is the traditional desktop/laptop AV subscription suite business heading in the next two years, with malware threats continuing to rise exponentially as Panda Labs' stats show? Byron Juan:
Thanks much for your thoughtful input. On my list of things to do is an examination of antivirus suites for desktops/laptops. How effective are the blends of signature-based and behavior-based protections on the market today? Among the most well known suppliers of these suites, who’s doing what that’s most interesting and effective? The Trend and Cisco deal to move protection to the home router, is intriguing. AVG has been aggressive about including a Web scanning tool. What direction is the traditional desktop/laptop AV subscription suite business heading in the next two years, with malware threats continuing to rise exponentially as Panda Labs’ stats show?
Byron

]]> By: Juan Santana http://lastwatchdog.com/banking-trojans-infest-internet/#comment-125 Juan Santana Mon, 23 Feb 2009 00:37:00 +0000 http://lastwatchdog.com/?p=563#comment-125 Byron, Interesting and ingightfull post. Without trying to pitch Panda's products, let me respectfully disagree with Jose Nazario's quote when he says that the effectiveness of popular consumer antivirus suites in protecting against banking trojans? is only "modest". He claims that “... the volume of malware and the technology they employ - and the incentive to avoid detection at all costs - means that most AV has only modest detection of these variants ...”. At Panda Security, we have developed a technology designed to fight an ever-growing number of malware samples, as this is a trend we foresaw back in 2006. We have labelled this system Collective Intelligence and this is already available in our consumer products to better protect our customers. In addition, let me reference the following report that Pandalabs published last week "Bank details uncovered", which may be interesting to you and your readers as it relates to this very same topic. You can find it here: http://www.pandasecurity.com/img/enc/Boletines%20PandaLabs4_en.pdf Juan. CEO, Panda Security Byron,

Interesting and ingightfull post.

Without trying to pitch Panda’s products, let me respectfully disagree with Jose Nazario’s quote when he says that the effectiveness of popular consumer antivirus suites in protecting against banking trojans? is only “modest”. He claims that “… the volume of malware and the technology they employ – and the incentive to avoid detection at all costs – means that most AV has only modest detection of these variants …”.

At Panda Security, we have developed a technology designed to fight an ever-growing number of malware samples, as this is a trend we foresaw back in 2006. We have labelled this system Collective Intelligence and this is already available in our consumer products to better protect our customers.

In addition, let me reference the following report that Pandalabs published last week “Bank details uncovered”, which may be interesting to you and your readers as it relates to this very same topic. You can find it here: http://www.pandasecurity.com/img/enc/Boletines%20PandaLabs4_en.pdf

Juan.
CEO, Panda Security

]]>