Malware is getting more and more sophisticated. Bent on destruction, it is seemingly immune to modern weapons. One such Trojan horse program is very sophisticated and it keeps reinventing itself in its greedy quest to empty bank accounts.
The URLzone Trojan, which was recently discovered by Finjan Software, is highly advanced and proof positive that the bad guys are keeping up with technology as well as the good guys (if not being a step ahead, sad to say). This strain of malware rewrites bank pages; in many cases victims do not know that their accounts have been tampered with and emptied. Its interface is sophisticated and diabolical, as its command-and-control feature allows the bad guys to pre-set the percentage of the account balance they wish to clear out!
URLzone is a formidable adversary. RSA researchers claim that this malware utilizes several techniques to discover those machines that have been set up by investigators and law enforcement, and so far, they have been impossible to fool. RSA Security was founded by and named after the inventors of public key cryptography: Ron Rivest, Adi Shamir and Leonard Adleman. According to Aviv Raff, RSA’s Fraud Action research lab manager:
“We typically create programs that are designed to mimic the behavior of real Trojans. When URLzone identifies one of these, it sends it bogus information. Security experts have long published research into the inner workings of malicious computer programs such as URLzone…Now the other side knows that they are being watched and they’re acting.”
URLzone is merciless when it discovers a program established by the “good guys.” Some malware might be content to simply disconnect, but not URLzone. The server forces money transfers, but not by one of their own people recruited to move cash overseas. They choose an innocent victim: someone who has received legitimate money transfers from other hacked computers on the network. To date, more than 400 legitimate accounts have been manipulated in this manner.
The idea is to confuse researchers and to prevent the criminals’ real money mules from being discovered. Although banking Trojans are not new and have been responsible for the loss of many accounts of innocent people, URLzone represents the first of a frightening and smarter generation of malware. According to Finjan, this banking Trojan infected as many as 6,400 computers last month alone and was clearing a hefty $17,500 per day!
One can only wonder if Andrew Jackson wasn’t right after all.
It has been said that Old Hickory didn’t trust banks. If your money isn’t safe there, where can it ever be?