Researchers intercept dangerous new banking Trojan

Summary: Malware hunters have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the United States.

Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the United States.

The Trojan, dubbed "Bugat," targets Automated Clearing House (ACH) and wire transfer transactions by small- and mid-sized businesses in the U.S., much like the virulent Clampi Trojan that has stolen tens of millions of dollars.

According to SecureWorks researcher Jason Milletary, the Bugat Trojan includes features commonly found in malware used to commit credential theft for financial fraud.

These include:

  • Internet Explorer (IE) and Firefox form grabbing
  • Scrape or modify HTML for targeted sites
  • Steal and delete IE, Firefox, and Flash cookies
  • Steal FTP and POP credentials
  • SOCKS proxy server (v4 and v5)
  • Browse and upload files from the infected computer
  • Download and execute programs
  • Upload list of running processes
  • Delete system files and reboot computer to render Windows unable to boot

The Trojan communicates with a remote command and control web server to receive commands and to exfiltrate stolen information.

As part of this process, the malware also receives a list of URL target strings used to monitor the victim’s web browser activity. These target strings indicate a strong interest in websites used for business banking and wire transfers. Bugat may also use HTTPS in an attempt to secure its command and control communications.

For more information on these types of attacks, see reporting by Brian Krebs on the WaPo SecurityFix blog.


Talkback

76 comments
  • Could you please clarify?

    From

    "Delete system files and reboot computer to render Windows
    unable to boot"

    I get that it affects Windows.. but does it affect anything else?
    AzuMao
  • This will be a recurrent problem until everyone switches to safe systems

    Meanwhile those of us already on safe systems can do nothing but watch amused as the drama unfolds.
    The Mentalist
    • The most secure computer is not going to protect against stupid users. [nt]

      [nt]
      olePigeon
      • A system is composed of both machines and users, safety is on both sides

        You can always educate the user but if the machine side is sub-par then no amount of education will be enough to produce a safe system.
        The Mentalist
        • CAUTION HOT!

          I am guessing you are one of those people who have no idea that coffee is hot, ice is slippery, walking on railways is dangerous...

          It is a trojan. HOW can machine protect a system if despite the warnings issued by the OS the user deliberately hits the button that says "YES! YES! YES! I AM THAT STUPID. RUN THIS FILE THAT I JUST DOWNLOADED FROM THIS COOL WEB SITE IN NIGERIA THAT PROMISES ME 100 MILLIONS OF DOLLARS"?
          pupkin_z
          • MS could approve apps for Windows

            MS could prevent the installation of any
            Windows application that isn't approved by MS.

            HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!!!!!! I'd love
            to see the reaction of the Apple cultists after
            that one. Considering how much they all
            freaked out when it was announced that
            all 64 bit Vista drivers would have to be
            signed by MS, I can only imagine the outcry if
            that policy was extended to apps. Of course,
            when Apple does it to block the installation of
            competing software, then it is okay.

            Cue the double standards...
            NonZealot
          • Huh?

            Why would someone not using Windows get freaked out over
            problems in Windows? That makes no sense.


            Anyways, the solution already exists and has been in use for a
            long time in less crappy OSs. It's called having a software
            repository, and everything else being source.
            AzuMao
          • MS should do exactly that....

            which would get rid of all malware in due time. If Apple had not done
            this for their mobile devices, they too would be plagued by this modern
            technological scourge. The only ones who would object to this, are the
            nerds and techies of this world. The ordinary user type folks are evidently
            all for this, as shown by the success of the iTunes app store.
            arminw
      • Yes it is..

        ..unless by users you mean sysadmins?
        AzuMao
    • How is your system so safe? Oh, I know

      you never turn it on.

      Can't beat that for security.
      AllKnowingAllSeeing
      • That was so silly that not even I know what to say

        .
        The Mentalist
      • Yes you can.

        If it's off someone could steal it/replace it with
        keyloggers/etc without you knowing.


        Anyways, a far easier more practical solution is to use
        an OS that was actually designed with security in mind.
        AzuMao
        • Which would be? (nt)

          NT
          deanders
          • One based on a UNIX-like kernel.

            AzuMao
    • Nothing to do

      I finally realized why Mac and Linux users post so much to articles about Windows OS, they have nothing else to do. Since they run computers with operating systems that can run only a very small percentage of the available software out there, they have plenty of time to tell us how great their OS is.
      gwthornt
      • I second that - MAC/Linux user ... dwell on this ...

        an "elite", that needs to remind everyone that they are "elite", is not an "elite", but a bunch of insecure nerds ...
        That's how you are being perceived, by others reading your posts.
        hifi2
      • No, Mac and Linux users have computers....

        that require far less maintenance. They don't have to clean spyware and
        other crap out periodically, try to maintain an obtuse registry and other
        futzing around with a cantankerous Windows operating system. Windows
        7 is a bit better, but still requires more work than a Mac. Macs just work.
        That is why Mac users have more time to razz hapless Windows users.
        arminw
        • "Macs just work"? Is that before or after the $300 refund?

          nt
          IAmLegion20ll
        • No, Mac and Linux users have computers....

          ...with limited market share. So little that the "spyware and other crap" developers don't waste their time on them. If either of them actually grab a market share as large as the MS one you'll see the tables turn. Personally, I'd love to see that if only to put MS in a position where they'd have to compete and consider what their users actually want rather than what the marketing personnel and engineers mandate.
          raykaville
          • That's been refuted over and over...

            and over.

            http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/#bursting

            and

            http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/#winvslinuxdesign
            SpikeyMike