As online banking security continues to develop, cybercriminals are increasingly supplementing the spy Trojans operating on users’ computers with mobile modules, giving them a better chance of stealing money from victims’ bank accounts.
This is one of the findings from Kaspersky Lab’s monthly report on users’ computers and the Internet for July.
During July, the company detected a new version of the mobile spy Trojan ZitMo, capable of stealing mTAN codes, the one-time passwords that are used when performing a remote transaction and are sent to the bank customer via SMS. The mobile version of the notorious ZeuS Trojan has already been detected running on Symbian, Windows Mobile and BlackBerry platforms, and now it has added Android devices to its list.
If a user’s computer is infected with ZeuS, and the mobile phone is infected with ZitMo, the cybercriminals gain access to the victim’s bank account and can intercept the one-time transaction password sent by the bank to the user. In this case, even authentication using mTAN codes cannot prevent the victim’s money from being stolen from their bank account.
Overall during July, Kaspersky Lab found that 182,045-million network attacks were blocked; 75,604-million attempted web-borne infections were prevented; 221,278-million malicious programs were detected and neutralised on users’ computers; and 94-million heuristic verdicts were registered.
It’s not only anti-virus vendors who gave cybercriminals a hard time. Last month Google excluded more than 11-million URLs with .co.cc addresses from its search results. The “blocked” domain zone is among the largest globally, ranking fourth after .com, .de and .net in terms of registered domain names. In most cases the domain’s URLs are used by cybercriminals to spread rogue antivirus programs or conduct drive-by attacks. However, it is difficult to say how successful Google’s campaign has been – there are indeed fewer cybercriminals using the .co.cc domains, but they have merely started using the services of other domain zone registrars.
Once again our prediction that 2011 would be the year that cybercriminals target absolutely any kind of data has proved true. In July, the experts at Kaspersky Lab uncovered an interesting development – Brazilian phishers have started stealing the “miles” accrued by frequent flyers. Not only are they using them to buy tickets but also as a form of currency. In one IRC message, a cybercriminal was selling access to a Brazilian botnet that sends spam in exchange for 60 000 miles, while in another message air miles were offered for stolen credit cards.
Drive-by-download attacks remain one of the most popular methods of infecting users’ computers with malicious programs. Every month new entries that facilitate such attacks – redirectors, script downloaders and exploits – appear in the Top 20 malicious programs on the Internet. There were a total of 11 in July.