Report: Large US bank hit by 20 different crimeware families


Summary: According to a recently released Trusteer report, a large U.S. bank was hit by 20 different crimeware families.


For years, cybercriminals have been systematically undermining the effectiveness of antivirus software, successfully reaching a "malicious economies of scale" stage in their ambitions to steal money from affected parties across the globe.

One of the major shifts in their strategy over the past couple of years is the professionalism applied to malicious campaigns targeting the weakest link in the entire trust chain - a bank's customers. Instead of trying to directly compromise the infrastructure of a specific financial institution and steal money from the inside, cybercriminals have been busy developing advanced and efficient ways to steal this very same money from a bank's customers.

In 2012, are cybercriminals still busy coming up with ways to directly compromise a financial institution's infrastructure? It appears so, at least according to a recently released Trusteer advisory, indicating that during their research they found over 20 different crimeware families on a single host within a large U.S. bank during a period of 12 months.

Were these targeted attacks, or good old-fashioned massive spamvertised campaigns? Based on the fact that the host was infected with such a wide variety of crimeware, it appears that the host has been compromised by multiple cybercriminals or gangs of cybercriminals, who managed to trick the user behind this host over and over again, resulting in the messy situation.

Although enterprises get compromised on a daily basis, Trusteer's findings are more of a fad than a trend. How come? Pretty simple: it's easier to target a bank's customer than to attempt to somehow compromise the bank's infrastructure. Cybercriminals know that already, hence their malicious campaigns orbit around this fact and will continue to do so.

What do you think? Will cybercriminals attempt more sophisticated attacks against the infrastructure of financial institutions, compared to targeting the weakest link in the trust process - the bank's customers?




Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

  • I'd love to see clarification or more info.

    If all these pieces of malware were able to get onto one host, a computer owned by a Bank, surely the IT security people have to be fired? Was the computer on the main internal LAN, together with servers?
    As opposed to "Too good to be true", this sounds "Too bad to be true". It would be horrendous - any such bank should be shut down!
    Are any more details available?
    • Ya

      But those at ZDnet bloggers don't really provide much information anyways - mostly speculation or adding to rumors created by others. Otherwise just recycle reports from other sites and make it their own. To use information from one source and no verification isn't reporting. Real journalists don't use just one source.
  • Report: Large US bank hit by 20 different crimeware families

    My answer: The banks don't really care. If they did, they would at least advise their affected customers, especially the repeat offenders that they have a very infected computer and that they would severely restrict access to the bank's computers until disinfection had taken place or they would cut off the user from the bank's system.

    It is up to the banks to protect themselves, and it seems to me that in this case they should tell the customer of his exposure to criminals in order to protect themselves.
  • Banks and crimeware hits

    Absolutely agree with bart001fr - seems to me the Bank has an obligation to chastise their customers if they don't have spyware/anti virus protection and have had accounts attacked.
  • Just What

    is the name of this "institution" that seems to be the target of these attacks? Some ppl would like to know so they can protect themselves (aka change banks)
  • Can you clarify the term 'host' in this article?

    I cannot assess how much I should be concerned about this without understanding what "host" refers to. Is "host" a PC within the banking institution? Is "host" the PC of a user that does internet banking with this institution (in which case I am very little concerned about it)? Is "host" something else? Thanks.
  • confirmation and money

    yearwL, even movies could be future events. this article is good up to its point. it's up to readers to fully check=pay if you must .

    yas, banks have most of the defense. so its high possibility that criminals will focus on bank's customers= specially those less caring . and why should banks secure a customer outside the bank,when even banks are heavy battling its own attackers .

    also, banks may gain money if customers become less effective containing/maintaining accounts.

    scenario 1= customer is infected with phishing virus=logs in to a fake bank site=pays money,then logs out. what happens ? cyber criminal got the money, customer becomes late in fee and penalized by bank . at a customer issue of less than thousand amount= its horrible to scrutinize the attack, and becomes silent or lose voice.

    there are so many scenarios / possibilities. it would be foolishness to inquire to this article. just search/ hire mr bond or mr lee to do the justice =more expensive also .

    - in these cases=banks must regain the trust , otherwise people stops banking, and economy slows down .
  • ynot they have nutin better to do and it’s the closest thing to free money.

    All ICT providers and consumers need to be constantly on the guard against this sort of behaviour. Education is the answer!

    As they test a system (albeit wickedly) from all angles someone needs to be spreading the gospel on how to update hardware/software and human behaviour ready for next onslaught. I tell you now they will not stop until the money flow stops. Would you?