Trusteer launches search engine for malware configuration files

Summary: Trusteer's recently launched "Attack Trace" search engine aims to help financial institutions by letting them search the configuration files of the popular banker malware families SilentBanker, WSNPOEM/Zeus/PRG/Zbot and Torpig in order to verify whether or not their sites are targeted.

The Trusteer Attack Trace Search Engine
Trusteer's recently launched "Attack Trace" search engine aims to help financial institutions by letting them search the configuration files of the popular banker malware families SilentBanker, WSNPOEM/Zeus/PRG/Zbot and Torpig in order to verify whether or not their sites are targeted. And while the search engine is a marketable way to open a response channel, it doesn't take into consideration a simple fact: modern banker malware no longer targets a particular E-banking site exclusively, but targets all of them simultaneously.

"The Trusteer Attack Trace search engine allows IT professionals to submit their organization's web address and see a list of malware configuration files that are designed to commit fraud against their brand. By typing their URL address into the Attack Trace search engine, users get a glimpse into the cross section of malware that is specifically aimed at their website and what the code is written to accomplish. The Trusteer Attack Trace search engine searches for leading Trojans and other attack codes including Torpig/Sinowal, WSNPOEM, and NetHell."

Doing a basic search for https sites, you'll notice the obvious fact that the majority of popular E-banking and online payment services are well researched and already targeted. The mindset of the crimeware author is fairly simple, and that's what makes it so dangerous, since it relies on two key objectives: scalability and efficiency. Due to the modular nature of modern crimeware, as well as the fact that it's open source, the original author or the crimeware kit's users are capable of writing their own "injects", which basically represent researched session activities at the targeted financial institutions, thereby making the process of hijacking a session efficient.

If financial institutions really want to find out whether they're targeted by modern banker malware, they should automatically assume so without any hesitation.
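To make the point concrete, here is an added example (not code from the original post or from Trusteer) showing why a "type in your URL" lookup can miss a target. It assumes a simplified, constructed config syntax in which each `set_url` line carries a glob-style URL mask; a catch-all mask never mentions the institution's hostname, so a text search for that hostname finds nothing even though every https site matches.

```python
import fnmatch
from urllib.parse import urlsplit

# Constructed sample config (an assumption, not a real capture): one
# "set_url <mask> <flags>" line per target, with shell-style wildcards.
SAMPLE_CONFIG = """\
; constructed example, not a real malware configuration file
set_url https://online.examplebank.test/login* GP
set_url https://*.examplepay.test/* GP
set_url https://* GP
"""


def parse_url_masks(config_text):
    """Return the URL masks declared with set_url, in file order."""
    masks = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and comments
        parts = line.split()
        if parts[0] == "set_url" and len(parts) >= 2:
            masks.append(parts[1])
    return masks


def naive_search(config_text, site):
    """What a hostname lookup does: is the site's hostname present as text?"""
    host = urlsplit(site).hostname
    return host is not None and host in config_text


def matching_masks(masks, site):
    """Masks that would actually fire on this site, wildcards included."""
    return [m for m in masks if fnmatch.fnmatchcase(site, m)]


def is_targeted(config_text, site):
    """True if any mask in the config matches the site URL."""
    return bool(matching_masks(parse_url_masks(config_text), site))


if __name__ == "__main__":
    for site in ("https://online.examplebank.test/login",
                 "https://ebank.unlisted.test/account"):
        print(site, "text hit:", naive_search(SAMPLE_CONFIG, site),
              "mask hit:", is_targeted(SAMPLE_CONFIG, site))
```

For the unlisted bank the text search reports no hit while the mask check reports a hit from `https://*`, which is exactly the "targets all of them" case a per-brand search cannot surface.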

Topics: Malware, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community...
